Dual ISP Link Configuration

Unanswered Question
Jan 24th, 2008

I have a layer 3 Cisco Catalyst 3750. I want to configure it with two ISP links. I want to use the bandwidth of both ISP links.

My PIX firewall will connect to this switch. The firewall has different subnets, like 172.28.92.x and 172.28.32.x.

I want 172.28.92.x traffic to go to ISP 1 and 172.28.32.x traffic to go to ISP 2.

One ISP link's IP pool is 19x.x.x.x

The 2nd ISP link's IP pool is 2x.x.x.x

Kindly tell me how to configure the switch for multiple ISP links, so that when the firewall sends traffic after NATing it into the 19 subnet it goes to ISP 1,

and when traffic comes from the PIX after NATing it into the 2x subnet it goes to ISP B. Kindly tell me how to configure the switch for multiple ISPs.

Kindly tell me how to configure the PIX firewall and Catalyst for the following situation.

bapatsubodh Thu, 01/24/2008 - 08:19

Hi,

It may look like I have written an essay here, but you are requested to be patient and read it. It might help, at least in some part!!

We too are in the process of doing the same thing. We plan to use a RadWare load balancer.

But in your case you can try the following steps. I am assuming that the outside of the PIX is connected to the layer 3 switch. What you can do is create 2 VLANs on the L3 switch and terminate each ISP link in one of the VLANs. Then use policy based routing (hopefully it is supported on the L3 switch) and apply policy based rules on the corresponding interfaces of the switch.

Steps are as follows:

Define or classify packets to be sent to ISP by catching them in access list.

access-list test _Source_IP...

Access-list test1 _ Source_IP

Then you can policy route the packets which are hit by these access lists. That means if a packet matches access_list test then the next hop of the packet will be ISP1.

Or else, if access_list2 is matching, the next hop is ISP2.

There is one concern in this case: you may be required to once again change the source IP address of the packet depending upon which ISP the packet will be routed to. Even this can be done using NAT in the L3 switch (hope the L3 supports it). Check the NAT command syntax; it supports the route_map parameter. That means packets in routemap1 (indirectly, access_list test matching packets) will be source NATed to the ISP1 pool and then routed to that particular interface.

It is simple to configure policy based routing. Search cisco.com for policy based routing. You will get many examples.

Thanks.

Hope this helps.

Rate if this helps!

Subodh

wasiimcisco Thu, 01/24/2008 - 08:58

Thanks for the reply, yes you are right, my PIX outside is connected to the L3 switch.

But my switch is not supporting the NAT command; only route-map is available, and in the route map I will call the access-list and set the behaviour in the route to send it to ISP one and then ISP two.

My PIX will NAT the packets and translate a few subnets into the 193 global IP pool and one subnet into the 41 global IP pool.

But NAT is not supported on the Catalyst switch; no command is available on the Catalyst.

Please guide me.
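As an added example (not configuration posted by either participant), here is the switch-side policy based routing Subodh describes, adjusted for wasiimcisco's point that the 3750 has no NAT: the PIX translates first, so the access lists classify on the post-NAT source pools the switch actually sees. VLAN numbers, the transit addresses, and the RFC 5737 documentation ranges standing in for the real 19x and 2x pools are all assumptions.

```ios
! Added example, not from the thread. Catalyst 3750 IOS; all addresses and
! VLAN numbers are assumptions (RFC 5737 ranges stand in for the real pools).
! PBR on the 3750 needs the routing SDM template, which takes effect after a reload.
sdm prefer routing
ip routing
!
! VLAN 10 faces the PIX outside interface; VLAN 20 and 30 terminate ISP 1 and ISP 2.
vlan 10
vlan 20
vlan 30
!
interface Vlan10
 description PIX outside (PIX outside address is 192.0.2.2)
 ip address 192.0.2.1 255.255.255.252
 ip policy route-map DUAL-ISP
interface Vlan20
 description ISP 1 link (provider router 198.51.100.1)
 ip address 198.51.100.2 255.255.255.252
interface Vlan30
 description ISP 2 link (provider router 203.0.113.1)
 ip address 203.0.113.2 255.255.255.252
!
! Classify on the global (post-NAT) source the PIX assigns: the "19x" pool goes to
! ISP 1, the "2x" pool to ISP 2. Matching only the pools, not "any", keeps the
! policy from steering traffic the PIX did not translate.
ip access-list extended FROM-ISP1-POOL
 permit ip 198.51.100.128 0.0.0.127 any
ip access-list extended FROM-ISP2-POOL
 permit ip 203.0.113.128 0.0.0.127 any
!
route-map DUAL-ISP permit 10
 match ip address FROM-ISP1-POOL
 set ip next-hop 198.51.100.1
route-map DUAL-ISP permit 20
 match ip address FROM-ISP2-POOL
 set ip next-hop 203.0.113.1
! Packets matching neither clause follow the normal routing table below.
!
! Return path: each ISP routes its pool to the switch's link address, and the
! switch hands the pool back to the PIX.
ip route 198.51.100.128 255.255.255.128 192.0.2.2
ip route 203.0.113.128 255.255.255.128 192.0.2.2
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
! Verify: "show ip policy" lists the interface-to-route-map binding and
! "show route-map DUAL-ISP" counts the packets policy-routed by each clause.
```

The policy is evaluated only on traffic entering Vlan10, so the PIX's default route must point at 192.0.2.1, and the 3750 does not support the `set ip default next-hop` form, which is why the fallback is left to the static default route.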
