multihoming issue

jvalin__s
Level 1

Hi guys I have a client who is applying for 2 internet leased line circuits from 2 different ISP's.

I have 2 - cisco 2800 router for the internet connectivity.

I have a L3 switch in the internal zones of the routers.

Both the ISPs have given /30 public network for the WAN. I don't have any doubt on that.

But both the ISP's are giving different /28 networks for the internal usage. (for eg to host some servers)

I have 2 - ASA 5510 behind the routers which are going to use public ip addresses given by the ISP's.

The customer wants to use only 1 ISP at a time and if that ISP goes down I should be using the other ISP.

But my doubt is both the public IP addresses given by the ISP are of different network subnets and it won't be possible to manually change the IP addresses on the ASA 5510.

Please help me with some solution.

Thanks & Regards,

Jvalin

17 Replies

paolo bevilacqua
Hall of Fame

See:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a00808d2b72.shtml

Note this requires you do NAT on the router, not on the ASA, and you use 1 router, not 2.

Well, thanks for the message, but this is not what I meant.

I have static ip addresses on both the routers and public ip address range is different from both the ISP's.

That is exactly what the document takes into consideration.

Jon Marshall
Hall of Fame

Jvalin

In addition to Paolo's post, it depends on whether or not you need to present internal servers to the Internet so that internet clients can access them eg. a web server/mail server.

If this is the case then you have a problem with your setup because what DNS entry would you use for your web server ie. you choose one of the ISP's public address to represent the web server. If that ISP link goes down it's not just the static NAT on the ASA that needs updating, it is also the public DNS with the new public address.

If you do need to present internal servers then you are going to need a provider independent public address space that both ISPs will advertise out.

Jon

If you do need to present internal servers then you are going to need a provider independent public address space that both ISPs will advertise out.

Or get a regular hosting solution, easier to setup and manage. Really, BGP is not for everybody.

Guys,

What will be my default gateway on the ASA??

How will I do the HSRP on the routers??

I suggest you do this with one router only. That is pretty much the only way you balance outgoing connections and keep things reasonably simple.

If you want to use two, then yes you can use HSRP, but all the traffic will use a single ISP.

Or you can forget about the routers and just use the ASA:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

So according to you and Marshall, this is not possible, right, from the viewpoint of the ISP??

If they are giving provider independent address space then only it is possible, I guess. But do we get this type of address space from the provider? That's the biggest question here.

What exactly did you understand to be "not possible"? Clearly, reaching an internal server with a single IP address resistant to failure is impossible.

You need AS numbers and PI space for BGP, these things are obtained through ISP but are expensive. Most customers renounce immediately.

Yes Paolo, I clearly understood the server hosting thing, that is impossible.

But let's assume that I don't have any internal web servers.

Simple users want to have internet access through the firewall.

If one ISP fails, the other will be utilized.

Let's forget the provider independent address space also here.

You said I can do HSRP, but how?? Both the ISPs are giving different IP addresses; I have to use them on the routers' internal interfaces and the ASAs' outside interfaces also.

How am I going to configure HSRP with this scenario??

I have to manually change the IPs of all the interfaces if one ISP goes down??? Please correct me if I'm wrong.

With no servers there isn't much of a problem.

As mentioned above either configure ASA for NAT for backup links, or with HSRP you track an object off the primary ISP/router, when it fails the other router will take over.

When configured correctly no manual intervention is necessary.
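
One way to configure the HSRP-with-tracking option from the reply above, shown for the primary router; this is an added example, not part of the thread and not a Cisco reference configuration. It assumes NAT is done on each router (as the earlier reply requires), a private transit subnet between the routers and the ASA outside interface, constructed documentation addresses and interface names, and the newer `ip sla` / `track ... ip sla` syntax (older IOS releases spell these commands differently).

```cisco
! R1 = primary router on ISP 1. All addresses and interface names are
! constructed for illustration (RFC 5737 / RFC 1918 ranges).
! Transit subnet 10.0.0.0/29: R1 = .2, R2 = .3, HSRP virtual IP = .1
! The ASA outside interface sits in this subnet and uses 10.0.0.1 as its
! default gateway, so nothing on the ASA changes when the ISP fails.
!
! Probe the ISP 1 next hop so the track follows the ISP path, not only
! the local link state.
ip sla 1
 icmp-echo 192.0.2.1 source-interface Serial0/0/0
 frequency 5
ip sla schedule 1 life forever start-time now
!
track 10 ip sla 1 reachability
 delay down 10 up 30
!
interface FastEthernet0/0
 description Inside, towards ASA outside interface
 ip address 10.0.0.2 255.255.255.248
 ip nat inside
 standby 1 ip 10.0.0.1
 standby 1 priority 110
 standby 1 preempt
 ! Probe failure drops priority to 90, below R2's default of 100
 standby 1 track 10 decrement 20
!
interface Serial0/0/0
 description WAN /30 to ISP 1
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
!
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
! Translate the transit subnet to this router's own ISP address, so each
! router only ever sources traffic from the address space of its own ISP.
access-list 10 permit 10.0.0.0 0.0.0.7
ip nat inside source list 10 interface Serial0/0/0 overload
!
! R2 mirrors this with its own WAN /30, default priority (100), the same
! "standby 1 ip 10.0.0.1", and "standby 1 preempt" so it takes over when
! R1's priority drops. R2 needs no tracking of its own.
```

Sessions established through R1 are reset on failover because their translated source address changes to the ISP 2 range; new outbound connections then work without touching the ASA.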

Paolo, I understood the whole idea of yours, but why are you suggesting me to use HSRP?

If ISP 1 gives 200.200.200.0/28

and ISP 2 gives me 100.100.100.0/28

then I can utilize only one network out of these two for the HSRP??? Am I right???