Two ISPs, Static Route, Exchange Server.

Unanswered Question
Jun 3rd, 2009
User Badges:

I have Internet connection to an ISP who assigned PA IP addresses in which some of the IP addresses is used in hosting Microsoft Exchange in house. We wish to add another ISP who will assigned another block of its own PA IP addresses. We wish to use the second ISP as backup but we want our Exchange Server to be operational irrespective of the ISP that is active. We don't want to implement BGP now because(It will take me time to get AS from AFRINIC, and to purchase a router that I intend to use as BGP router). We want to connect to the two ISP using static route also. What can we do to achieve our immediate goals.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Laurent Aubert Wed, 06/03/2009 - 11:26
User Badges:
  • Cisco Employee,

Hi,


On your Internet router facing both ISPs, you could create two NAT static entries, one for each address allocated from each ISP.

This way the real private of your server doesn't change.


HTH


Laurent.

defash Wed, 06/03/2009 - 12:10
User Badges:

Hi Laurent,


Could you please explain how the NAT will be created (ISP-A assigned X.X.X.X and ISP-B assigned Y.Y.Y.Y). Presently the Exchange server has one IP address within X.X.X.X range). Considering also we want to use two Cisco 1811 routers to offer HSRP.

Laurent Aubert Wed, 06/03/2009 - 13:03
User Badges:
  • Cisco Employee,

Hi,


Because you want to use specific addresses, I assume you want to allow connection from the outside


1- You need to choose a private adress z.z.z.z which will be your new Server IP addresses. This address must be reachable from both 1811 routers.


2- 1811 configuration:


1811-ISP-A:


ip nat inside source static z.z.z.z x.x.x.x


1811-ISP-B:

ip nat inside source static z.z.z.z y.y.y.y


For traffic originated by the server, your routing policy is configured to sent it to 1811-ISP-A so the server source address will be translated to x.x.x.x. Because the connection is initiated from the inside, we are sure the returning traffic will come back to the same 1811. If this link failed, traffic will be re-routed to ISP-B and server source address will be translated to y.y.y.y


The issue is for connection initiated from the outside. The remote host must first know somehow if ISP-A link is working or not. If yes, it can use x.x.x.x as the destination address. If this link is down, it must use y.y.y.y address.

If the remote host try y.y.y.y and ISP-A link is available, connection will not be established.


Also don't forget you should protect your server from all the traffic received from the outside.


HTH


Laurent.

Actions

This Discussion