Community Member

ASA Dual ISP Failover (With exchange access)

I wanted to know how I would be able to configure ISP failover. I need to be able to access the Exchange server as usual when this happens though. Any ideas on how to make that happen? Outgoing failover seems to be straightforward with static routes, IP SLA, and NATting with route-maps, but the incoming bits seem a bit elusive based on my research. Just looking for insight from anyone who has done this in a real-world situation so I can anticipate any hiccups that may arise...

3 REPLIES

Just for clarification, the ASA is not able to have route-maps. That is a router function.

Other than that, yes, the inbound traffic will be more difficult. The problem here will mainly be DNS. Since your Exchange and perhaps even web traffic will be going towards company.com, this name will be resolving to the ASA's outside interface. So when the failover happens you would need to redirect those URLs to the new public IP.

The best option here, would be to do it manually. A pain, yes, but in my opinion the best option.

Another option, though I have never tried this, so am not 100% sure it will work, and its use depends on your company's policies and a few other factors such as if the webserver and Exchange server are on the same physical server. You could use something like No-IP to dynamically update DNS records. This is installed on the server, if I remember correctly, and it constantly checks in with its current IP and dynamically updates its public DNS record.

--

Please remember to rate and select a correct answer
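
The check-and-update behaviour described in the reply above, as an added example (not part of the original thread and not No-IP's own client). It assumes No-IP's dyndns2-style update endpoint and reply codes; the host name, credentials, User-Agent string and the names `build_request`, `parse_response` and `FailoverUpdater` are illustrative, and the transport is injected so the constructed run makes no network calls.

```python
import base64
from urllib.parse import urlencode

# Assumption: No-IP's dyndns2-style call (GET /nic/update, Basic auth); values are placeholders.
UPDATE_URL = "https://dynupdate.no-ip.com/nic/update"
FATAL = {"nohost", "badauth", "badagent", "!donator", "abuse"}

def build_request(hostname, ip, user, password):
    """Return (url, headers) for one update call."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}",
               "User-Agent": "asa-failover-ddns/1.0 admin@company.com"}
    return f"{UPDATE_URL}?{urlencode({'hostname': hostname, 'myip': ip})}", headers

def parse_response(body):
    """Split a reply such as 'good 198.51.100.10' into (status, ip_or_None)."""
    parts = body.strip().split()
    return (parts[0] if parts else "911"), (parts[1] if len(parts) > 1 else None)

class FailoverUpdater:
    """Sends an update only when the observed public IP changes."""
    def __init__(self, hostname, user, password, send):
        self.hostname, self.user, self.password = hostname, user, password
        self.send = send                 # callable(url, headers) -> reply body
        self.published = None            # last IP the provider confirmed
        self.disabled = False            # set after a fatal reply; needs an admin

    def tick(self, observed_ip):
        if self.disabled:
            return "disabled"
        if observed_ip == self.published:
            return "unchanged"           # no call: repeated no-op updates can get a client blocked
        url, headers = build_request(self.hostname, observed_ip, self.user, self.password)
        status, ip = parse_response(self.send(url, headers))
        if status in ("good", "nochg"):
            self.published = ip or observed_ip
            return "updated"
        if status in FATAL:
            self.disabled = True         # stop: retrying bad credentials helps nobody
            return "fatal:" + status
        return "retry"                   # e.g. 911, a provider-side error

def demo():  # constructed run: primary IP twice, then the backup ISP's address
    sent = []
    def fake_send(url, headers):         # stands in for the HTTPS GET
        sent.append(url)
        return "good " + url.rsplit("=", 1)[1]
    u = FailoverUpdater("mail.company.com", "user", "placeholder", fake_send)
    return [u.tick(ip) for ip in ("203.0.113.10", "203.0.113.10", "198.51.100.10")], len(sent)
```

Resolvers keep serving the old address until the record's TTL expires, so a successful update does not move inbound mail and OWA traffic immediately.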
Community Member

Hi there Marius. Thanks for the reply... When you were addressing the DNS portion of my issue, you said "The best option here, would be to do it manually"... what exactly does that mean?

Normally when you set up Exchange on Outlook, or access it through Outlook Web Access, etc., you enter something like mail.company.com or mail.company.com/owa, or similar. The domain name you bought needs to be "pointed" at your public IP address so you are able to access that IP by using the URL. These settings are found when you log into the website of the company you bought the domain from, normally.

So, if you want to use two different ISPs for redundancy, you would need to somehow redirect that email and web traffic to the second ISP when the primary ISP has failed.

When I say do it manually, I mean that you should go into the settings for your domain name and "point" the domain name to the backup ISP IP when there is a failover situation.

--

Please remember to rate and select a correct answer