457 Views, 0 Helpful, 2 Replies

Multiple ISPs, firewalls, nat...isp migration

krolen
Level 1

A client is migrating from one ISP to another. They want to migrate over time for reasons I won't get into. They have a frame router configured as their servers' and clients' default gateway. The frame router has a default of the firewall, which is nat'ing several internal servers (no dmz). They purchased a pix, another internet connection, and want both to be live at once, while they migrate.

We tried to set up two default gateways on the router, and this had odd results: with Nat'd servers on both firewalls (60.x.x.x and 200.x.x.x), only the original nat was accessible from outside. Clients were a mix of speed improvement and decrement. Is it possible to have two default gateways to two separate ISPs, while nat'ing servers to one or both external addresses? If so, is bgp required to make this happen? Thanks in advance.

2 Replies

beth-martin
Level 5

No, you can't have two defaults, but you could drop a router in front of it all and change the routes on that router and default everyone to the new router. I would get a design tech from Cisco to help you with the transition. Sometimes just cutting over during a maint window on a Friday night and switching all your DNS so things propagate by Monday is the best way to go.

There are many possible solutions to your quest, but as beth-martin states, defining two default gateways is not one of them. Approaches range from modifying your current approach to use policy routing so that each server always takes the same outbound path to running defaultless with BGP (which I suspect would be a MAJOR change from your current mode of operation).

As long as you are using NAT, the trick is to ensure that inbound and outbound packets between the same two points always follow the same path. There is an example of using NAT to support two independent ISP connections in chapter 8 of my book, High Availability Networking with Cisco, but be forewarned that NAT and ease of administration are not often found in the same design. What approach is appropriate for you will depend on many factors, few of which are even hinted at in your original note.

The bottom line is that it can probably be done, but there are many tradeoffs. You should consider seeking professional help from a competent consultant. Hint: if they respond with a solution before asking you what the problem is, you're talking to a sales droid, not a consultant, and should grab your wallet and keep looking...

Good luck and have fun!

Vincent C Jones

http://www.networkingunlimited.com
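To make the "same path in both directions" rule from the replies above concrete, here is an added IOS configuration sketch for the transition period. It is not from either reply, the original poster's network, or the book mentioned; interface names, the documentation-range addresses (198.51.100.0/30 standing in for the old 60.x.x.x ISP, 203.0.113.0/30 for the new 200.x.x.x ISP), host addresses and ACL numbers are all constructed. The design keeps a single default route toward the old ISP, uses policy routing to send a chosen group of clients out the new ISP, and lets a route-map on each NAT statement pick the overload address that matches the exit interface, so a connection's inbound and outbound packets always use the same ISP.

```text
! Added example (hypothetical topology, not the thread's real config)
! FastEthernet0/0 = inside LAN, Serial0/0 = old ISP, Serial0/1 = new ISP
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 ip policy route-map MIGRATING-CLIENTS
!
interface Serial0/0
 description Old ISP (the 60.x.x.x side in the original post)
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface Serial0/1
 description New ISP (the 200.x.x.x side in the original post)
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
! Exactly one default route; the replies are right that two do not work.
! Replies from published servers therefore always leave via the old ISP.
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
! Published server: one static mapping on the OLD ISP's block only.
! Its public address and its return path then belong to the same ISP.
ip nat inside source static 10.1.1.10 198.51.100.10
!
! Outbound clients: the overload address is chosen by exit interface,
! so a session that leaves via Serial0/1 is sourced from the new ISP's
! address and its replies come back the same way.
ip nat inside source route-map VIA-OLD-ISP interface Serial0/0 overload
ip nat inside source route-map VIA-NEW-ISP interface Serial0/1 overload
!
! Client subnet eligible for translation (constructed)
access-list 110 permit ip 10.1.1.0 0.0.0.255 any
! Subset of clients being moved to the new ISP first (constructed)
access-list 120 permit ip 10.1.1.128 0.0.0.127 any
!
route-map VIA-OLD-ISP permit 10
 match ip address 110
 match interface Serial0/0
!
route-map VIA-NEW-ISP permit 10
 match ip address 110
 match interface Serial0/1
!
! Policy routing: only the migrating clients are steered to the new ISP;
! everyone else, including the static-NAT server, follows the default.
route-map MIGRATING-CLIENTS permit 10
 match ip address 120
 set ip next-hop 203.0.113.1
```

This also explains the symptom in the original post: with a second default present, replies from a server published on the new block could leave via the old ISP carrying a source address the old ISP never assigned, so only the original mapping kept working. Moving a server to the new ISP in this design means changing both its static mapping and, if it must keep the old address for a while, its policy route, never just one of them. Checking `show ip nat translations` during a test connection from each side confirms which global address a session actually received.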