I'm planning to have 2 internet links from 2 different ISPs on my perimeter router; the perimeter ASA FW is configured to do NATing according to the public range I got from the current ISP. When I receive the 2nd public from the 2nd ISP, what should the configuration on my ASA look like and how will it AUTOMATICALLY transfer the NATing to use the address range from the 2nd ISP?
Example: the range from ISP1 is x.x.x.1-7, whereas the range from ISP2 is y.y.y.1-7; currently the ASA is using the x.x.x.1-7 to do NATing. Now if this link failed, how can the ASA start using the y.y.y.1-7 range with no need for manual change?
How would your ASA FW know which ISP the perimeter router would be using? Unless it can know that, I do not see that the solution can be implemented on the ASA FW.
What about configuring the perimeter router so that if it received traffic from the ASA FW with address x.x.x.n and is going to forward the traffic to the other ISP that it does a translation of address from x.x.x.n to y.y.y.n?
You might need to advertise your address ranges to both ISPs via BGP... If you can do that, it doesn't matter which ISP assigned which range of addresses. If BGP is not an option, you can always NAT at the router instead of the ASA device...
Well, what you can do without dynamic routing is to use something called SLA routing where the ASA will ping the ISP next hop and when the first ISP goes down it routes to the second. However, you still have the public IP problem.
Please let me know if you need further explanation,