inbound and outbound traffic loadbalaning and redundency beween two isp's

sujitkr7cisco · ‎12-17-2007

I have two links with different ISP's and both the links (512Kbps)are terminated on seprate seprate cisco routers(2811).Currently we are useing one link and another one link is new.I want to loadsharing and redundency between them.Right now i am not using BGP (routers are configured in simple manner).Here is a my client cost matter,so i want .My presant network seneriois like this:-

Internet Ri(Isp1)-- Layer 3 switch (working here like as a simple switch)---firewall 1 (cisco ASA5510)--firewall 2(ciscoASA5510)---Lan.

on firewall-1 remote and site to site vpn configuered, one dmz.

my lan is in 172.16.1.xx series,dmz in 172.16.4.10, and after 172.16.1.30 is using for desktop ,192.168.x.x is managment ip.

Right now i have one another internet link(512kbps) from different ISP.

So please advise me how can i do that (loadbalancing with redundeny). once i was trying oer but not successfull due to IOs image (c2800nm-ipbasek9-mz.124-11.T.bin)and

ISP's AS.it can be possible through natting,and ACL. or ple give me any idea with OER or any solution.If possible ple send me also sample configuration.

paolo bevilacqua · ‎12-25-2007

Hi,

For this, you must use NAT to both providers.

There is no other alternative.

To begin wit, configure two static routes on the router that receives traffic. Both routers will have NAT.

Once you got that working, you can add the statements for a faster redundancy (oer), but that is secondary.

sujitkr7cisco · ‎12-26-2007

Hi,

but here firewall 1 is gatway for all inside network and this is public IP.If you want sh run or else , its my pleasure and plese help me to solve this issue and if any document you have please provide me .

Thanks and regards,

sujeet

paolo bevilacqua · ‎12-26-2007

Hi,

I'm not sure if the ASA can do load balancing, perhaps in version 8, you can ask this in the "security" forum.

The alternative is that you do NAT in both routers, and that would do what you want.

sujitkr7cisco · ‎12-26-2007

Hi,

Great ,i want to go with you,

this is my router old router (which right now working)config which is very simple and another is just like only its ip are changed.

!

interface FastEthernet0/0

ip address 59.160.x.x 255.255.255.240

ip accounting output-packets

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.x.x 255.255.255.0

duplex auto

speed auto

!

interface Serial0/0/0

ip address 59.160.x.x 255.255.255.252

--More-- ip accounting output-packets

ip virtual-reassembly

!

ip route 0.0.0.0 0.0.0.0 Serial0/0/0

ip route 172.16.0.0 255.255.0.0 59.160.x.x

and this is my router :-(both are same)

21009780 Apr 13 2007 04:05:02 +00:00 c2800nm-ipbasek9-mz.124-11.T.bin

3 1823 Apr 13 2007 04:13:28 +00:00 sdmconfig-2811.cfg

4 4734464 Apr 13 2007 04:13:56 +00:00 sdm.tar

5 833024 Apr 13 2007 04:14:12 +00:00 es.tar

6 1052160 Apr 13 2007 04:14:30 +00:00 common.tar

7 1038 Apr 13 2007 04:14:42 +00:00 home.shtml

8 102400 Apr 13 2007 04:14:54 +00:00 home.tar

9 491213 Apr 13 2007 04:15:12 +00:00 128MB.sdf

10 1684577 Apr 13 2007 04:15:34 +00:00 securedesktop-ios-3.1.1.27-k9.pkg

11 398305 Apr 13 2007 04:15:52 +00:00 sslclient-win-1.1.0.154.pkg

33689600 bytes available (30326784 bytes used)

if you want fire wall config ple tell me .

i am waitng your reply .

thanks with regards,

sujeet

paolo bevilacqua · ‎12-26-2007

Hi, as mentioned before, the only way to load-balance without BGP is using NAT, but you do no NAT on this router.

So either you move the NAT function from the ASA to router, or configure the ASA for load balancing (not 100% sure it is possible).

sujitkr7cisco · ‎12-26-2007

Hi,

if i am useing on both router BGP , both the ISP's are provide me his private AS numbers they are not provide me public AS no.

if u help me i will do this through change the firewall 1 ip is in private and then may be we able to creat vlan in a switch.

problem is this is live setup.

Please help me to achive this goal , i will give you all info which is required

Thanks and regards,

sujeet.

paolo bevilacqua · ‎12-26-2007

Hi,

The matter with BGP is not the As only, but the address space that must be routed by both of them. Ask then if they are willing to both announce some address space given to you.

The alternative is to do NAT on the router, but of course that doesn't give redundancy to servers accessed from outside.

If you don't think you can do that, you can hire someone reputable.