Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1123
Views
5
Helpful
4
Replies

Redundant ISPs static NATs

Go to solution
JerryLarson7922
Level 1
Level 1

‎02-19-2021 09:31 AM

Hello, 

 

We are considering a secondary internet circuit for our enterprise. We have devices with static NATs and published DNS to the world. How do I keep these devices reachable through secondary providers internet with a different address space? I have been reading documentation on this and am learning some viable options. I am wondering what others on this forum have done to keep internal NATTED devices up when having to rely on backup internet with different address space,

 

thanks, 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JerryLarson7922
Level 1
Level 1
In response to balaji.bandi

‎02-19-2021 10:06 AM

Thank you, 

 

I will watch these presentations.

 

thanks, 

View solution in original post

4 Replies 4

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎02-19-2021 09:41 AM

what is this device? Router or ASA?

 

Clarify the requirement :

 

So you want only Static NAT for the NEW ISP2 for incoming requests.

exiting connection will do NAT and going out using ISP1  ( you going to have a new IP subnet for this? )

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
JerryLarson7922
Level 1
Level 1
In response to balaji.bandi

‎02-19-2021 09:53 AM

I am sorry I did not clarify. 

 

I have FTD firewalls with FMC

 

My secondary internet will be different public address space. we are in the beginning stages of this without the secondary circuit installed at this point. 

 

When primary internet goes down ISP1 public 1.1.1.0 with internal devices NATTED within this subnet goes down I need these devices still reachable through my secondary ISP 2.2.2.0. I have read I can have multiple A records published to the world but it doesn't necessarily always choose 1 address over the other. I believe I would have to have the same internal addresses NATTED on a second FW with ISP2 2.2.2.0 address space for this to work. 

 

thanks, 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to JerryLarson7922

‎02-19-2021 10:01 AM

Ok below 3 Links will help you make that work : ( I am sure you managing this FTD with FMC?)

 

https://www.youtube.com/watch?v=MKcSBTJ55e8

https://www.youtube.com/watch?v=lakHhw9CR5Y

https://integratingit.wordpress.com/2020/08/14/ftd-dual-isp-failover/

 

On a side note, you can (consider) having an internal Loadbalancer with single VIP IP also Load balance internally. ( for the outside connection)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Cisco FMC FlexConfig configuring PBR
Cisco FMC FlexConfig configuring PBR
youtube.com/watch?v=lakHhw9CR5Y
This Video show how to configure PBR using FMC FlexConfig. Correction: During Flex-Configuration, instead of applying Route-map on Ethernet 1/1 & Ethernet 1/3 which is outside. It should be applyed on Ethernet 1/2 (Inside Interface). Linkedin: https://www.linkedin.com/in/nandakumar80/ For Latest ...
0 Helpful

Go to solution
JerryLarson7922
Level 1
Level 1
In response to balaji.bandi

‎02-19-2021 10:06 AM

Thank you, 

 

I will watch these presentations.

 

thanks, 

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card