A client is migrating from one ISP to another. They want to migrate over time for reasons I won't get into. They have a frame router configured as their servers' and clients' default gateway. The frame router has a default of the firewall, which is NAT'ing several internal servers (no DMZ). They purchased a PIX, another internet connection, and want both to be live at once, while they migrate.
We tried to set up two default gateways on the router, and this had odd results: of the NAT'd servers on both firewalls (60.x.x.x and 200.x.x.x), only the original NAT was accessible from outside. Clients were a mix of speed improvement and decrement. Is it possible to have two default gateways to two separate ISPs, while NAT'ing servers to one or both external addresses? If so, is BGP required to make this happen? Thanks in advance.
No, you can't have two defaults, but you could drop a router in front of it all and change the routes on that router and default everyone to the new router. I would get a design tech from Cisco to help you with the transition. Sometimes just cutting over during a maint window on a Friday night and switching all your DNS so things propagate by Monday is the best way to go.
There are many possible solutions to your quest, but as beth-martin states, defining two default gateways is not one of them. Approaches range from modifying your current approach to use policy routing so that each server always takes the same outbound path to running defaultless with BGP (which I suspect would be a MAJOR change from your current mode of operation).
As long as you are using NAT, the trick is to ensure that inbound and outbound packets between the same two points always follow the same path. There is an example of using NAT to support two independent ISP connections in chapter 8 of my book, High Availability Networking with Cisco, but be forewarned that NAT and ease of administration are not often found in the same design. What approach is appropriate for you will depend on many factors, few of which are even hinted at in your original note.
The bottom line is that it can probably be done, but there are many tradeoffs. You should consider seeking professional help from a competent consultant. Hint: if they respond with a solution before asking you what the problem is, you're talking to a sales droid, not a consultant, and should grab your wallet and keep looking...
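Added example (not part of the original thread): a small Python model of the path-symmetry point made in the reply above, showing a statically NAT'd server behind the second firewall becoming unreachable when the inside router has a single default, and reachable again once the next hop is chosen per source server. The addresses, the `Firewall` class and the assumption that a stateful firewall drops replies for connections it never saw inbound are constructed for illustration.

```python
"""Constructed model: two NAT firewalls behind one inside router."""

CLIENT = "198.51.100.7"          # constructed outside client (documentation range)


class Firewall:
    def __init__(self, name, static_nat):
        self.name = name
        self.static_nat = dict(static_nat)   # public address -> inside server
        self.conns = set()                   # (client, server) seen inbound

    def inbound(self, client, public):
        """Translate the destination and record the connection."""
        server = self.static_nat[public]
        self.conns.add((client, server))
        return server

    def outbound(self, server, client):
        """Return the public source address of the reply, or None if dropped.

        Assumption: a stateful firewall forwards a reply only for a
        connection it saw arrive."""
        if (client, server) not in self.conns:
            return None
        return next(p for p, s in self.static_nat.items() if s == server)


def single_default(server, old, new):
    return old                               # every reply leaves via the old ISP


def policy_route(server, old, new):
    # Per-source next hop: the server NAT'd on the new firewall exits there.
    return new if server == "10.1.1.20" else old


def trial(next_hop):
    """Connect to each public address; report which connections complete."""
    old = Firewall("old-isp", {"60.x.x.10": "10.1.1.10"})
    new = Firewall("new-isp", {"200.x.x.10": "10.1.1.20"})
    results = []
    for public, entry in (("60.x.x.10", old), ("200.x.x.10", new)):
        server = entry.inbound(CLIENT, public)
        reply_src = next_hop(server, old, new).outbound(server, CLIENT)
        results.append(reply_src == public)  # client needs the address it dialed
    return tuple(results)


if __name__ == "__main__":
    print("single default:", trial(single_default))
    print("policy routed: ", trial(policy_route))
```
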