Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
291
Views
0
Helpful
5
Replies

Mechanism of failover when having 2 ISP Links

haithamnofal
Level 3
Level 3

‎09-24-2006 01:42 AM - edited ‎03-09-2019 04:17 PM

Hi There,

I'm planning to have 2 internet link from 2 different ISPs on my perimter router; the perimter ASA FW is configured to do NATing according to the public range I got from the current ISP. When I receive the 2nd public from the 2nd ISP, how should the configuration on my ASA look like and how will it AUTOMATICALLY transfer the NATing to use the address range from the 2nd ISP?

Example: the range from ISP1 is x.x.x.1-7 whileas, the range from ISP2 is y.y.y.1-7; currently the ASA is using the x.x.x.1-7 to do NATing, now if this link failed how can the ASA start using the y.y.y.1-7 range with no need for manual change?

Appreciate your feedback.

Thanks,

Haitham

Labels:
0 Helpful
5 Replies 5

Richard Burts
Hall of Fame
Hall of Fame

‎09-24-2006 03:18 AM

Haitham

How would your ASA FW know which ISP the perimeter router would be using? Unless it can know that I do not see that the solution can be implemented on the ASA FW.

What about configuring the perimeter router so that if it received traffic from the ASA FW with address x.x.x.n and is going to forward the traffic to the other ISP that it does a translation of address from x.x.x.n to y.y.y.n?

HTH

Rick

HTH

Rick
0 Helpful

haithamnofal
Level 3
Level 3
In response to Richard Burts

‎09-24-2006 04:14 AM

Rick,

Can OSPF help the ASA in detecting the failure of the 1st ISP link?

Regards,

Haitham

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to haithamnofal

‎09-24-2006 01:37 PM

Haitham

Do you think that you would be able to run OSPF over both links to ISPs? Without that I doubt that OSPF would solve your problem.

HTH

Rick

HTH

Rick
0 Helpful

srue
Level 7
Level 7

‎09-25-2006 04:39 AM

you might need to advertise your address ranges to both ISP's via bgp...if you can do that, it doesn't matter which isp assigned which range of addresses. if bgp is not an option, you can always NAT at the router instead of the ASA device...

0 Helpful

m-haddad
Level 5
Level 5
In response to srue

‎09-25-2006 10:28 AM

Well, what you can do without dynamic routing is to use something called SLA routing where the ASA will ping the ISP next hop and when the first ISP goes down it routes to the second. However, you still have the public IP problem.

Please let me know if you need further explanantion,

Regards,

0 Helpful
Customers Also Viewed These Support Documents