cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1124
Views
5
Helpful
4
Replies

Redundant ISPs static NATs

JerryLarson7922
Level 1
Level 1

Hello, 

 

We are considering a secondary internet circuit for our enterprise. We have devices with static NATs and published DNS to the world. How do I keep these devices reachable through secondary providers internet with a different address space? I have been reading documentation on this and am learning some viable options. I am wondering what others on this forum have done to keep internal NATTED devices up when having to rely on backup internet with different address space,

 

thanks, 

1 Accepted Solution

Accepted Solutions

Thank you, 

 

I will watch these presentations.

 

thanks, 

View solution in original post

4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

what is this device? Router or ASA?

 

Clarify the requirement :

 

So you want only Static NAT for the NEW ISP2 for incoming requests.

exiting connection will do NAT and going out using ISP1  ( you going to have a new IP subnet for this? )

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I am sorry I did not clarify. 

 

I have FTD firewalls with FMC

 

My secondary internet will be different public address space. we are in the beginning stages of this without the secondary circuit installed at this point. 

 

When primary internet goes down ISP1 public 1.1.1.0 with internal devices NATTED within this subnet goes down I need these devices still reachable through my secondary ISP 2.2.2.0. I have read I can have multiple A records published to the world but it doesn't necessarily always choose 1 address over the other. I believe I would have to have the same internal addresses NATTED on a second FW with ISP2 2.2.2.0 address space for this to work. 

 

thanks, 

Ok below 3 Links will help you make that work : ( I am sure you managing this FTD with FMC?)

 

https://www.youtube.com/watch?v=MKcSBTJ55e8

https://www.youtube.com/watch?v=lakHhw9CR5Y

https://integratingit.wordpress.com/2020/08/14/ftd-dual-isp-failover/

 

On a side note, you can (consider) having an internal Loadbalancer with single VIP IP also Load balance internally. ( for the outside connection)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Cisco FTD policy based routing (PBR) with IP SLA using Flexconfig on FMC LinkedIn: https://www.linkedin.com/in/ahmed-shalaby1/
This Video show how to configure PBR using FMC FlexConfig. Correction: During Flex-Configuration, instead of applying Route-map on Ethernet 1/1 & Ethernet 1/3 which is outside. It should be applyed on Ethernet 1/2 (Inside Interface). Linkedin: https://www.linkedin.com/in/nandakumar80/ For Latest ...

Thank you, 

 

I will watch these presentations.

 

thanks, 

Review Cisco Networking for a $25 gift card