Greetings all. I had a question on a design and would appreciate some thoughts. The customer has a Cisco 2621 with one ISP link via frame relay. Behind this is an existing firewall (not Cisco) that has an address on the ISP1 segment. The customer is getting a second ISP connection to the 2621 with an Ethernet handoff. So the config will look like:
ISP2 (Eth)-> 2621 <-(F/R) ISP1
F/W (ISP1 addr)
I'd like to set up the 2621 for failover - probably using object tagging - so that ISP2 takes over when ISP1 goes down. However, I'm thinking I'd need to NAT everything going to ISP2 so that the return traffic actually makes it back; otherwise, traffic sent using the existing ISP1 address of the firewall will not return, correct?
Does this sound plausible?
The other option would be to connect ISP2 straight to the firewall but I'm not sure they can spare their DMZ interface for this purpose.
Thanks in advance for any comments.