A client would like to have 2 different ISP connections to the internet for redundancy. The second ISP will have a different IP address pool. Both of their email and VPN servers are located behind the firewall and are mission-critical. Is it possible to set this up without BGP? Could I run NAT on the internet router to fool the second ISP?
Yes, you can do it. Whether or not it will meet your needs is another story. Email will not be a problem if you have your DNS records updated to support MX records for IPs in both ISP address ranges (keep in mind that the ONLY way you can be reached from outside, unless you multihome with BGP, is via an address assigned by the ISP with the working link).
Your VPN server will look like two independent VPN servers, one per ISP. Whether or not it will work will depend upon the server, the firewall, the routers, and how VPNs are being used. Many modes of IPsec usage will not work with NAT. Whether or not you use NAT, the client on the other side of the Internet will see two addresses, not one. Your biggest challenge may be detecting that a link to the ISP has gone down. This is automatic with a point-to-point T1, but very difficult with DSL or cable modems. If you can't detect loss of link, your packets will go straight into the bit bucket, not what you want.
There is an example of using two ISPs and NAT to provide "non-stop" Internet access in chapter 8 of my book, High Availability Networking with Cisco. There are examples of running redundant VPN tunnels in the Redundant VPN white paper on my web site.
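The link-loss problem raised in the answer, as an added example (not from the original post or from the book it mentions): a Cisco IOS configuration that probes ISP A's gateway with IP SLA, withdraws the primary default route when the probes fail even though the interface stays up, and applies NAT per exit interface. All addresses, interface names and timers are constructed placeholders.

```cisco
! Constructed values: ISP A = 192.0.2.0/30, ISP B = 198.51.100.0/30,
! inside LAN = 10.0.0.0/24. Interface names are assumptions.
interface GigabitEthernet0/0
 description ISP-A (primary)
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
interface GigabitEthernet0/1
 description ISP-B (backup)
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
interface GigabitEthernet0/2
 description Inside LAN
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
! Weak form: an untracked default route. With DSL or cable the
! Ethernet handoff stays up when the ISP fails, so this route is
! never withdrawn and traffic is silently dropped:
!   ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
! Corrected form: probe ISP A's gateway every 5 seconds, sourced
! from the ISP A interface.
ip sla 1
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/0
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Track object follows probe reachability; the delays damp flapping.
track 1 ip sla 1 reachability
 delay down 10 up 30
!
! Primary default route exists only while track 1 is up; the
! floating static (distance 10) takes over when it is withdrawn.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10
!
! Translate to the address of whichever interface the packet exits,
! so return traffic comes back through the same ISP.
access-list 10 permit 10.0.0.0 0.0.0.255
route-map NAT-ISP-A permit 10
 match ip address 10
 match interface GigabitEthernet0/0
route-map NAT-ISP-B permit 10
 match ip address 10
 match interface GigabitEthernet0/1
ip nat inside source route-map NAT-ISP-A interface GigabitEthernet0/0 overload
ip nat inside source route-map NAT-ISP-B interface GigabitEthernet0/1 overload
```

Probing only the next hop detects loss of the access link, not a failure further inside the ISP. Inbound mail and VPN still depend on per-ISP addresses and DNS records, as the answer notes.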