12-29-2009 08:23 AM - edited 03-04-2019 07:04 AM
Hello
I have a customer needs continues internet connection just for browsing issue coz its important to him(in the past his ISP goes down for 6 hours,so it was panic to him that moment coz he lost a lot of money in the stock exchange), along with excahnge server in the DMZ ,currently he has 1 link to ISP via fiber connection(6 Mbps) and now he needs another ISPs backup using DSL line,his cuurent router its 1841,question is?
1)should i use another 1841 and peer with the 2nd via static route?if so how the solution could be done?
2)how to make half route goes from ISP1 and the onther half goes with ISP2,but plz bear in mind that when ISP1 goes down the full route will go via ISP2 and vise versa
thanks a lot
12-31-2009 05:00 AM
Hello Marwan!
just additional question,my exchange resides on the DMZ interface of the asa,any advise here also
What address should be configured on the vpn client software?in order to access the company?
Thanks
12-31-2009 05:20 AM
nating do it only in the Internet router as i mentioned above to avoid complexity of having two nating
for packet filtering ( security ) allow only required ports from outside to the server in the DMZ and block other ports
good luck
12-31-2009 05:42 AM
Hello marwan
1)What address should be configured on the vpn client software?in order to access the company?
2)is it recomended the lan switches/ASAs to be active active?
thanks
12-31-2009 06:32 AM
i am assuming the VPN terminate on the ASA
as i am not aware if you have public IPs or only the IP assigned to your internet router!
if you are going to use the internet router outside ip for VPN use the static nat (pat ) above and usethe router interface IP (outside) for VPN
if you want to use a seperate IP ( given to you by your ISP ) just make simple static nat as above but instead of usinginterface keyword in the command use the public IP:
ip nat inside static x.x.x.x y.y.y.y
x.x.x.x outsid eIP of AA
y.y.y.y public IP given to you by your ISP
fr redundeancy as i told you above you ca use the IP address of the second router (ISP) as a second option in the vpn client incase the first router or ISP gose donw you will have a backup link
nating config same concept exactly
good luck
01-01-2010 01:56 AM
Freind marwan!
Thanks for ur support on this threats,i ll write the config to notpad then submitt it to check it
Thanks
01-04-2010 06:10 AM
Happy new year marwan,
01-04-2010 03:16 PM
happy new year to you too
01-04-2010 09:21 PM
Hello marwan!
I Followed ur config and the site is up and running,thanks to y marwan and thanks to jon also
Appreciate
01-04-2010 10:28 PM
i am glad its working and also thanks for your rating as well
please mark this discussion as resolved to let other people know this is resolved when they do search here ( just trying to help )
01-04-2010 11:40 PM
Hello marwan
1)where can i mark this threats as resolved
2)i have similar threat by adding onother link for from each border router inside interface,i.e to be added onother redundant link,try to help if u can
thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide