Multihome BGP - ASA doing NAT, how to route ASA?

Answered Question
Mar 27th, 2008

We have a Cisco ASA failover pair doing NAT. External to that we have a switch that connects to our two external internet routers. We are in the process of implementing BGP with our ISPs between the two routers. We have been assigned a Class C by each ISP for BGP routing. Both internal interfaces on the routers have external IPs--so I can't run HSRP?? What gateway would I point the Cisco ASA to?? I'm confused at how I should handle the IP addressing/routing from the ASA to the switch to the routers...

Overall Rating: 5 (1 ratings)
royalblues Thu, 03/27/2008 - 23:36

You need to have your own address space for this to exactly work


Have a look at devices like Radware LinkProof, which can dynamically change the NAT based on the availability of links and even load-balance between different ISPs.

http://www.radware.com/Products/ApplicationDelivery/LinkProof/default.aspx


Just before your post I saw a post from Paolo about EEM support on the routers.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6815/config_guide_eem_configuration_for_cisco_integrated_services_router_platforms.html


HTH

Narayan

trippi Tue, 04/15/2008 - 10:43

There is no way to get this to work with 2 class Cs? One from each provider?

trippi Mon, 04/21/2008 - 10:49

Can I use just one class C from one of the providers? The other is willing to peer that Class C.

t814687 Fri, 04/25/2008 - 05:52

BGP routing is not supported on Cisco ASA appliances. I'm not sure how you are going to peer with your ISP. You need a router.


serg

Correct Answer
smitty6504 Fri, 04/25/2008 - 08:37

We have the same setup. This can be done very easily. You need to run an IGP between the router and the ASA. We are using OSPF with default-information originate on both routers. Then set the metric on the router you want to use as your backup ISP. For NATing please look at the link below.


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
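A configuration sketch of the OSPF approach described in the answer above, added here as an example and not taken from the poster's own devices. The 192.0.2.0/24 segment, interface names, process ID and key placeholder are assumptions; OSPF authentication is an addition beyond the answer, included because this segment sits outside the firewall.

```cisco
! Constructed example: 192.0.2.0/24 stands in for the switch segment shared
! by the ASA outside interface and both Internet routers. Interface names,
! the OSPF process ID and <shared-key> are placeholders.

! --- Router A (preferred ISP) ---
interface GigabitEthernet0/1
 ip address 192.0.2.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <shared-key>
!
router ospf 1
 network 192.0.2.0 0.0.0.255 area 0
 ! Without "always", the default is advertised only while this router
 ! itself holds a default route (for example, one learned from its ISP),
 ! so an upstream failure withdraws it from the ASA.
 default-information originate metric 10
!
! --- Router B (backup ISP) ---
interface GigabitEthernet0/1
 ip address 192.0.2.2 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <shared-key>
!
router ospf 1
 network 192.0.2.0 0.0.0.255 area 0
 ! Higher metric: the ASA installs this default only when Router A's
 ! default disappears.
 default-information originate metric 100
!
! --- ASA failover pair (outside interface) ---
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.3 255.255.255.0 standby 192.0.2.4
 ! Authenticate OSPF so a rogue host on the outside segment cannot
 ! inject a default route into the firewall.
 ospf authentication message-digest
 ospf message-digest-key 1 md5 <shared-key>
!
router ospf 1
 ! The ASA takes a subnet mask here, not a wildcard mask.
 network 192.0.2.0 255.255.255.0 area 0
```

With both routers up, `show route` on the ASA should list a single OSPF external default via Router A; Router B's default takes over only after Router A stops advertising its own.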

