We have configured an ASA for dual WAN redundancy using SLA monitors. ISP1 is a dynamic IP address with Virgin Media, and ISP2 (failover) has a static IP address.
When we try to configure the static routes we need the default gateway or "next hop" address, but with the primary connection this changes if the IP address changes. So, our question for all you experts is: how do we get around this issue?
Thanks for the reply. Yes, that's what we thought, but we understand from Virgin Media that the gateway address can also change with a change of IP address (DHCP). My understanding is that most ISPs will have several gateway addresses to provide resilience, but no matter what IP address is assigned through DHCP (dynamic), the chosen gateway address should always work provided that the specific network is available. We have obtained the gateway address assigned from the "show route" output.
Thanks for your input, and apologies for our late reply; we had to lab this up and have been a little busy in the last day or so.
Anyway, yes, this has fixed the problem, although complicated slightly by the fact that our customer has multiple VPNs terminating on the ASA. We also spoke with our ISPs and they both confirmed that they operate a pool of IP addresses as gateways that should be reachable from any connection to their network, irrespective of what the public IP address assigned may be on the end user site.
Thanks again for your help. I have marked the correct answer.