Cisco Support Community
New Member

multihoming issue

Hi guys, I have a client who is applying for 2 internet leased line circuits from 2 different ISPs.

I have 2 Cisco 2800 routers for the internet connectivity.

I have an L3 switch in the internal zones of the routers.

Both the ISPs have given a /30 public network for the WAN. I don't have any doubt on that.

But both the ISPs are giving different /28 networks for the internal usage (e.g. to host some servers).

I have 2 ASA 5510s behind the routers which are going to use public IP addresses given by the ISPs.

The customer wants to use only 1 ISP at a time, and if that ISP goes down I should be using the other ISP.

But my doubt is that the public IP addresses given by the ISPs are in different network subnets and it won't be possible to manually change the IP addresses on the ASA 5510.

Please help me with some solution.

Thanks & Regards,

Jvalin

17 REPLIES
Hall of Fame Super Gold

Re: multihoming issue

See:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a00808d2b72.shtml

Note this requires you do NAT on the router, not on the ASA, and you use 1 router, not 2.

New Member

Re: multihoming issue

Well, thanks for the message, but this is not what I meant.

I have static IP addresses on both the routers and the public IP address range is different from both the ISPs.

Hall of Fame Super Gold

Re: multihoming issue

That is exactly what the document takes into consideration.

Hall of Fame Super Blue

Re: multihoming issue

Jvalin

In addition to Paolo's post, it depends on whether or not you need to present internal servers to the Internet so that internet clients can access them, e.g. a web server/mail server.

If this is the case then you have a problem with your setup, because what DNS entry would you use for your web server, i.e. you choose one of the ISPs' public addresses to represent the web server. If that ISP link goes down it's not just the static NAT on the ASA that needs updating, it is also the public DNS with the new public address.

If you do need to present internal servers then you are going to need a provider independent public address space that both ISPs will advertise out.

Jon

Hall of Fame Super Gold

Re: multihoming issue

If you do need to present internal servers then you are going to need a provider independent public address space that both ISPs will advertise out.

Or get a regular hosting solution, easier to set up and manage. Really, BGP is not for everybody.

New Member

Re: multihoming issue

Guys,

What will be my default gateway on the ASA?

How will I do the HSRP on the routers?

Hall of Fame Super Gold

Re: multihoming issue

I suggest you do this with one router only. That is pretty much the only way you balance outgoing connections and keep things reasonably simple.

If you want to use two, then yes you can use HSRP, but all the traffic will use a single ISP.

Or you can forget about the routers and just use the ASA:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

New Member

Re: multihoming issue

So according to you and Marshall, this is not possible, right, from the viewpoint of the ISP?

If they are giving provider independent address space then only it is possible, I guess. But do we get this type of address space from the provider? That's the biggest question here.

Hall of Fame Super Gold

Re: multihoming issue

What exactly did you understand to be "not possible"? Clearly, reaching an internal server with a single IP address resistant to failure is impossible.

You need AS numbers and PI space for BGP; these things are obtained through the ISP but are expensive. Most customers renounce immediately.

New Member

Re: multihoming issue

Yes Paolo, I clearly understood the server hosting thing; that is impossible.

But let's assume that I don't have any internal web servers.

Simple users want to have internet access through the firewall.

If one ISP fails, the other will be utilized.

Let's forget the provider independent address space also here.

You said I can do HSRP, but how? Both the ISPs are giving different IP addresses; I have to use them on the routers' internal interfaces and the ASAs' outside interfaces also.

How am I going to configure HSRP with this scenario?

I have to manually change the IPs of all the interfaces if one ISP goes down? Please correct me if I am wrong.

Hall of Fame Super Gold

Re: multihoming issue

With no servers there isn't much of a problem.

As mentioned above, either configure the ASA for NAT for backup links, or with HSRP you track an object off the primary ISP/router; when it fails the other router will take over.

When configured correctly no manual intervention is necessary.

New Member

Re: multihoming issue

Paolo, I understood the whole idea of yours, but why are you suggesting that I use HSRP?

If ISP 1 gives 200.200.200.0/28

and ISP 2 gives me 100.100.100.0/28

then I can utilize only one network out of these two for the HSRP? Am I right?

Hall of Fame Super Gold

Re: multihoming issue

Yes, as mentioned before, with HSRP and NAT on the router it is difficult to balance, so you will have just a primary and a backup.

For some sort of balancing use one router only and the first link referenced.

New Member

Re: multihoming issue

Hi Paolo,

You have cleared all my doubts; I still have one last doubt, though.

If I mention the 2 default routes on the ASAs, one with the default metric and one with a higher metric,

and if I configure SLA on the firewall and track the first ISP/router, will it work?

Hall of Fame Super Gold

Re: multihoming issue

To have the ASA decide on primary/backup links, simply follow the indications in the ASA document linked above.
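
The primary/backup arrangement asked about in the last two posts, sketched as an added example that is not part of the original thread or of the linked Cisco document. It assumes pre-8.3 ASA NAT syntax and uses the two /28s quoted earlier in the thread; the interface names, host addresses inside each /28, the inside subnet, the timers and the probe target (198.51.100.1, a documentation-range placeholder) are all assumptions.

```cisco
! Constructed example. One ASA interface per ISP /28; the gateway on each
! side is the inside interface of that ISP's router (addresses assumed).
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 200.200.200.2 255.255.255.240
!
interface Ethernet0/1
 nameif backup
 security-level 0
 ip address 100.100.100.2 255.255.255.240
!
interface Ethernet0/2
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
! Pre-8.3 NAT (assumed software version): PAT inside users to whichever
! egress interface the active default route selects, so no address has
! to be changed by hand when the ISP changes.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
global (backup) 1 interface
!
! Probe a host that is reachable only through ISP 1. 198.51.100.1 is a
! placeholder; pick a target beyond the ISP 1 router so that a WAN
! failure is detected, not only a failure of the router's LAN side.
sla monitor 10
 type echo protocol ipIcmpEcho 198.51.100.1 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 10 life forever start-time now
!
track 1 rtr 10 reachability
!
! Primary default route is installed only while the probe succeeds;
! the backup route has a higher metric and takes over when it is removed.
route outside 0.0.0.0 0.0.0.0 200.200.200.1 1 track 1
route backup 0.0.0.0 0.0.0.0 100.100.100.1 254
```

The `backup` interface is as Internet-facing as `outside`, so it needs the same inbound access list and inspection policy. `show track 1` and `show route` confirm which default route is currently installed.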
