Cisco Support Community
Community Member

Can you have 2 ISP w/o BGP?

A client would like to have 2 different ISP connections to the internet for redundancy. The second ISP will have a different IP address pool. Both of their email and VPN servers are located behind the firewall and are mission-critical. Is it possible to set this up without BGP? Could I run NAT on the internet router to fool the second ISP?


Re: Can you have 2 ISP w/o BGP?

Yes, you can do it. Whether or not it will meet your needs is another story. Email will not be a problem if you have your DNS records updated to support MX records for IPs in both ISP address ranges (keep in mind that the ONLY way you can be reached from outside, unless you multihome with BGP, is via an address assigned by the ISP with the working link).

Your VPN server will look like two independent VPN servers, one per ISP. Whether or not it will work will depend upon the server, the firewall, the routers, and how VPNs are being used. Many modes of IPsec usage will not work with NAT. Whether or not you use NAT, the client on the other side of the Internet will see two addresses, not one. Your biggest challenge may be detecting that a link to the ISP has gone down. This is automatic with a point-to-point T1, but very difficult with DSL or cable modems. If you can't detect loss of link, your packets will go straight into the bit bucket, not what you want.

There is an example of using two ISPs and NAT to provide "non-stop" Internet access in chapter 8 of my book, High Availability Networking with Cisco. There are examples of running redundant VPN tunnels in the Redundant VPN white paper on my web site.

Good luck and have fun!

Vincent C Jones
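
The link-loss detection and per-ISP NAT described in the reply above can be sketched in Cisco IOS configuration as follows; this is an added example, not taken from the post or from the book it mentions. The addresses are documentation ranges, the interface names and probe target are hypothetical, and it assumes an IOS release that supports IP SLA and object tracking.

```cisco
! Constructed example: documentation addresses, hypothetical interface names.
! ISP A (primary): Gi0/0, gateway 203.0.113.1
! ISP B (backup):  Gi0/1, gateway 198.51.100.1
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
interface GigabitEthernet0/1
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
interface GigabitEthernet0/2
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
! Probe a host beyond ISP A's gateway. A DSL or cable modem can leave the
! interface up/up while the path behind it is dead.
ip sla 1
 icmp-echo 192.0.2.53 source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
 delay down 20 up 60
!
! Pin the probe to ISP A so it keeps testing that path after failover.
ip route 192.0.2.53 255.255.255.255 203.0.113.1
! The primary default is withdrawn when track 1 goes down; the floating
! static (administrative distance 10) then takes over.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10
!
! Translate to the address of whichever ISP interface the packet leaves by.
access-list 10 permit 10.0.0.0 0.0.0.255
route-map NAT-ISP-A permit 10
 match ip address 10
 match interface GigabitEthernet0/0
route-map NAT-ISP-B permit 10
 match ip address 10
 match interface GigabitEthernet0/1
ip nat inside source route-map NAT-ISP-A interface GigabitEthernet0/0 overload
ip nat inside source route-map NAT-ISP-B interface GigabitEthernet0/1 overload
```

This handles outbound failover only. Inbound mail and VPN sessions still arrive on an address from whichever ISP the remote side used, so the MX records and VPN peers need an entry per ISP as the reply describes.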
