Adding 2nd ISP to existing Cisco FPR not as Secondary or Backup..

TheGoob (VIP)

Hello


So currently I have a DSL MODEM - FPR1010 - SG350XG.

My Internet is DSL w/ 8 static IPs and the FPR does the PPPoE and is connected to the SG350XG with routing back towards the Internet... On the SG350XG I have 6 VLANs [each single VLAN is associated to its own WAN IP via NAT on the FPR] using 192.168.1.0 - 192.168.6.0. I then have ports on the SG350XG associated with the preferred VLAN.

We are getting a 2nd ISP service that is not involved with this Cisco system BUT I did want to have the SG350XG have a connection to this new ISP for routing purposes, such as: I want to move my PC from Cisco Internet to NEW Internet but also, through the SG350XG, have a connection to my existing network.

Not sure if I am explaining it correctly, but I think I am. 

192.168.1.0 - 192.168.6.0 do not see or utilize the New ISP but my PC using new ISP will see any of the 192.168.1.0 - 6.0 and be able to use its services. I assume there is some sort of PBR needed .. Either way I have the idea I want just not sure how this would work. 

If the new ISP Router has, let's say, 10.0.0.x with 10.0.0.1 as GW, I could assign an Interface on the SG an IP of 10.0.0.2. Then I would create a new VLAN, let's say 192.168.7.0, and have that associate/default route to 10.0.0.1 as next hop? Would routing already be accepted as the new ISP Modem has an IP on the existing SG? Would I need to set up PBR for 192.168.7.0 to use 10.0.0.1 for its Internet, or would that be implied being that I create the VLAN 7.0 in association with the route of 10.0.0.1? Sorry, a lot here.

End of day, I want the existing Cisco network to not even know of the New ISP [unless at a later date I need that] but I want the new ISP to be 100% itself, but have routing to my existing network for services I host locally... NAS, Plex, file sharing etc.

25 Replies


@balaji.bandi wrote:

Make sure you have routing on the FTD to go to ISP2; by default all the routing goes to ISP1.



Wouldn't the FTD automatically obtain one the same as ISP1 does? Or do I need to specify a 2nd one manually so that the existing network does not use it?

Depends on how you configured the FTD.

Adding a second route: what IP address does the client need to take that path? Example: the .7.0/24 subnet.


BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I am going to close this case as a "no works".

I had set up ISP2 on FTD Interface 1/2 in DHCP (IP 130.55.76.161 and GW was 130.60.1.1). I created a default route (outbound) for 192.168.7.0/24 to GW/Next-Hop 130.60.1.1 (the GW my ISP2 grabbed). I created a static route (inside) to FIND 192.168.7.0/24 through 10.0.2.2 (Switch Interface). I created both auto and manual NAT for inside 192.168.7.0/24 to the ISP2 Interface.
On the Switch I created VLAN 8 192.168.7.1 and a default route to the FTD, 192.168.7.0/24 to 10.0.2.1.


So far so good. But when I check my WAN IP, 192.168.7.0/24, which should have 130.55.76.161 as its WAN address, actually picks up my ISP1 WAN IP.
Instead of a single firewall with 2 WANs and weird routing I am just connecting my ISP2 to my spare ISR C1100 because this way clearly does not work.

TheGoob (VIP)

I actually do not think this will work.


On the SG, if I create a VLAN 7 with a network of 192.168.7.0 and set its default route to, let's say, the ISP2 Router LAN at 10.0.1.1 [10.0.1.2 on the SG 1/2 Interface to route back to the ISP2 Router], I still will not have Internet. Because said ISP2 is Starlink and you can not do routing/static routing on their "routers". I can not say '192.168.7.0 /24 10.0.1.2', so the Starlink will not be able to route to it... I think what I need to do is connect the Starlink to my C1100 Router and then create a route to the SG in the same manner... But without being able to set a route on Starlink, my original idea will not work... Or will it?

TheGoob (VIP)

This is my final attempt at trying to figure this out. I think that I have the scenario explained pretty well and can answer any questions on something I have overlooked! I drew this pretty drawing to possibly help clarify. 

My only question aside from the picture is this; Being that ISP2 is NOT a backup/secondary WAN Connection and has no SLA Monitor etc, can this concept work?

And also this..... Like I said, ISP1 has an 'obtain default route automatically' setting and therefore I do not see it in my STATIC ROUTES section; I believe I have to add a route FOR ISP2. The question is, do I create the default/static route for ISP2 to be 192.168.7.0/24 10.60.1.1 to 'direct' LAN 192.168.7.0/24 to use that "path" to the Internet, or would I still do '0.0.0.0/0 10.0.60.1' as a general rule and NAT will direct it?


First, make a decision: does the 192.168.7.0/24 network need to use both ISPs?

If you want 7.0/24 to use ISP2, then remove the routing going to 10.0.2.2.

If you already NAT using your own IP, you need to adjust based on that IP and NAT (inside to outside).

The firewall needs to have correct routing, from switch to firewall and firewall to switch; see if you are able to ping them as expected.

Open traceroute for testing so you can traceroute to 8.8.8.8 to check what is wrong.

I have provided a document with detailed, line-by-line steps on how to troubleshoot; spend some time reading how you can troubleshoot to fix the issue, and post more troubleshooting output so we can understand.

Example: traceroute, ping, routing table and NAT table.


Morning friend.

Yes, 192.168.7.0/24 is to have ISP2 for [WAN] Only

I may have written my routes to you wrong. 192.168.1.0 - 192.168.7.0/24 10.0.0.2 towards the switch, and from the Switch I have 0.0.0.0/24 10.0.0.1.

I am using NAT [inside-starlink], starlink being the name of the ISP2 WAN Interface. So essentially it is inside to outside.

Anything on the SG Switch, 192.168.7.0 included, can ping the 10.0.1.1 [FPR side] IP, so whatever is blocking 7.0/24 has to be FPR side. I am reading your words but I feel those changes are actually what I am already doing, and of course I am saying I have a route for 7.0/24.

I need more information, as I asked in the previous post, to advise further.


I guess this will be a closed case, because I do not know what to give; I have no more answers. I just wanted all VLANs on the switch TO COMMUNICATE on the LAN side and then a specific VLAN to use ISP2. I clearly can not get it to work... and after 2 weeks trying to make something that can NOT be a new idea work, and it not working, I am kinda over it. I'll just let it be. I hate the fact that I am possibly being annoying, so I'll just let it end.

TheGoob (VIP)

Hello

So I have simplified this the best I can and written down all I think would need to be done for both VLANs/networks on the Switch to communicate at switch level and then exit towards the Internet on their specified ISP via NAT... It does not, unfortunately. Not sure if I am missing PBRs or different ACLs or my NAT is wrong etc. Also, being 2 WANs, would I "disable" 'obtain default route' on both WAN Interfaces and allow the NAT to control their destination? Here is what I have:

FPR:

Interfaces;
Interface 1/1 [ISP1] PPPoE w/ Obtain Default Route
Interface 1/2 [ISP2] DHCP from StarLink w/ Obtain Default Route
Interface 1/5 [LAN]  Static IP 10.0.1.1 (Link to Switch)

Static Routing;
192.168.1.0/24 10.0.1.2 [IP of the Switch where 192.168.1.0 resides] ISP1 LAN
192.168.2.0/24 10.0.1.2 [IP of the Switch where 192.168.2.0 resides] ISP2 LAN

Zones;
outside - isp1, isp2
inside  - lan

NAT;

inside isp1-lan outside isp1 interface [Dynamic]
inside isp2-lan outside isp2 interface [Dynamic]

ACL;

inside any outside any trust
inside any inside any trust

SWITCH:

Interfaces;
Interface 1/1 10.0.1.2 (Link towards FPR)
Interface vlan 2 192.168.1.0
Interface vlan 3 192.168.2.0

Static Routing;
0.0.0.0 0.0.0.0 10.0.1.1

NAT/ACL/PBR;
Nothing, just have the vlans set up and then some interfaces assigned to them and the route towards the FPR.


In addition to my more recent response [yesterday], I cannot help but wonder about both the 'obtain default route' settings on both WAN Interfaces and then the lack of PBR on the Switch, and whether I need them even if I do have NAT directing a specific inside network to a specific WAN interface.
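As an added illustration of the behaviour this thread keeps running into (this is editor-added example code, not the OP's configuration and not Cisco code): a small Python model of the difference between a destination-based routing table and a source-based policy route. The VLAN prefixes 192.168.1.0-7.0/24, the FTD-to-switch link 10.0.1.1/10.0.1.2 and the ISP2 gateway 130.60.1.1 are taken from the posts; the VLAN 7 host 192.168.7.10 and the destination 8.8.8.8 are assumed for the demo. The model covers egress selection only and says nothing about how FTD NAT interacts with it.

```python
"""Destination routing vs. source-based policy routing (PBR), modelled in Python.

Editor-added example for the thread above; not the OP's configuration and not
Cisco code. Addresses taken from the posts: VLANs 192.168.1.0-7.0/24, the
FTD-to-switch link 10.0.1.1/10.0.1.2, the ISP2 gateway 130.60.1.1. Assumed for
the demo: a VLAN 7 host 192.168.7.10 and the destination 8.8.8.8.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Sequence


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    next_hop: str      # label only; nothing is actually sent
    interface: str


@dataclass(frozen=True)
class PbrRule:
    """Policy route: matches on the SOURCE prefix and forces an egress interface.
    except_dst lists destinations that must fall back to normal routing."""
    src: IPv4Network
    next_hop: str
    interface: str
    except_dst: tuple = ()


def route_lookup(dst, routes: Sequence[Route]) -> Route:
    """Plain routing-table lookup: longest prefix match on the DESTINATION only.
    The source address is never consulted. On an equal-length tie the first
    entry wins (real devices break ties by administrative distance/metric)."""
    addr = ip_address(dst)
    best = None
    for r in routes:
        if addr in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    if best is None:
        raise LookupError(f"no route to {addr}")
    return best


def select_egress(src, dst, routes: Sequence[Route], pbr: Sequence[PbrRule] = ()):
    """Egress selection as a router does it: PBR (source-aware) is consulted
    first, then the routing table. Returns (interface, next_hop)."""
    s, d = ip_address(src), ip_address(dst)
    for rule in pbr:
        if s in rule.src and not any(d in n for n in rule.except_dst):
            return rule.interface, rule.next_hop
    r = route_lookup(d, routes)
    return r.interface, r.next_hop


# --- Topology from the thread ----------------------------------------------
LAN_VLANS = [ip_network(f"192.168.{n}.0/24") for n in range(1, 8)]
SWITCH = "10.0.1.2"          # SG350XG side of the transit link
ISP1_GW = "pppoe-peer"       # ISP1 next hop is a PPPoE peer; label only
ISP2_GW = "130.60.1.1"       # gateway handed out by the ISP2 (Starlink) DHCP lease

# FTD routing table as posted: every VLAN via the switch, plus the default
# route "obtained automatically" from ISP1.
FTD_ROUTES = [Route(v, SWITCH, "lan") for v in LAN_VLANS] + [
    Route(ip_network("0.0.0.0/0"), ISP1_GW, "isp1"),
]

# The OP's attempt: a static route whose DESTINATION is 192.168.7.0/24 pointing
# at the ISP2 gateway. Such an entry can only ever match packets going TO VLAN 7.
OP_ATTEMPT = FTD_ROUTES + [Route(ip_network("192.168.7.0/24"), ISP2_GW, "isp2")]

# What actually steers by source: a policy route on the LAN-facing interface,
# with the local VLANs excluded so LAN-to-LAN traffic is not thrown at ISP2.
PBR_VLAN7 = [PbrRule(ip_network("192.168.7.0/24"), ISP2_GW, "isp2",
                     except_dst=tuple(LAN_VLANS))]


def vlan7_egress(dst="8.8.8.8"):
    """(interface without PBR, interface with PBR) for an assumed VLAN 7 host."""
    src = "192.168.7.10"
    without, _ = select_egress(src, dst, OP_ATTEMPT)
    with_pbr, _ = select_egress(src, dst, OP_ATTEMPT, PBR_VLAN7)
    return without, with_pbr


if __name__ == "__main__":
    print("VLAN7 -> 8.8.8.8 (without PBR, with PBR):", vlan7_egress())
    print("VLAN3 -> 8.8.8.8 with PBR present:",
          select_egress("192.168.3.10", "8.8.8.8", FTD_ROUTES, PBR_VLAN7)[0])
    print("VLAN7 -> VLAN2 with PBR present:",
          select_egress("192.168.7.10", "192.168.2.5", FTD_ROUTES, PBR_VLAN7)[0])
```

Run it and the first line shows the symptom from the thread: with only the routing table, a VLAN 7 host still leaves via isp1, because the added 192.168.7.0/24 route never matches a packet whose destination is 8.8.8.8; the policy route, which matches on the source, is what moves it to isp2. The except_dst list is the caveat practitioners usually hit next: a source-only policy route would also send VLAN 7's traffic to the other VLANs out to ISP2, so the match must exclude local destinations (on ASA/FTD-style PBR that is a deny line for the local networks at the top of the ACL the route-map matches on).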