Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

BGP Question


I really know very little about BGP and am trying to get familiar with it's implementation.

My question:

We have 2 seperate ISP's, terminating into 2 seperate routers, firewalls etc.

If they were to run BGP for failover on our lines, what needs to be done on the internally on my side.

If I understand correctly, they will set up BGP on their routers to reroute int he event of either link going down. With that in mind, if I have internal servers statically mapped out on one firewall, and the link goes down, the route is changed outside so that traffic will be coming on on the other line correct?

How does this firewall know what to do with this traffic? Do I have to mirror the config on both firewalls?? I'm a little confused on what needs to be done on my end.

Thanks in advance.


Re: BGP Question

If the firewall is the default gateway for your server(s), and they are connected to only one firewall you can run a interior routing protocol between your firewalls and CPE router(s).

You can also achieve high availability for your firewalls by clustering them and create a link to both routers. Eventually the BGP router that imports a default route, partially BGP routes or full BGP routes will determine where to send traffic to.

New Member

Re: BGP Question

Thanks. Problem is, they are not. Oour internal network is segmented...10.0.1.x and 10.0.2.x. A 3620 is sitting in the middle handling the internal routing between the 2 subnets.

Each segment points out it's own firewall.


New Member

Re: BGP Question


I am assuming certain things in your network..If u run BGP multihomed to 2 different ISPs then for the router interface /firewall outside you need to run either HSRP.. Here you can create a static route on your routers to point to the firewall outside address and in the firewalls you need to point a route for outside pointing towards your Virtual IP addresses of your router.. Finally create the network statements in your BGP and static routes pointing to your firewall for the routes you adv to the internet via BGP..