Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1025
Views
0
Helpful
3
Replies

ASA Dual ISP Failover (With exchange access)

Go to solution
Mojoman12345
Level 1
Level 1

‎05-27-2014 02:21 PM - edited ‎03-11-2019 09:15 PM

I wanted to know how I would be able to configure ISP failover. I need to be able to access the exchange server as usual when this happens though. Any ideas on how to make that happen? Outgoing failover seems to be straight forward with static routes, IP SLA, and Natting with Route-maps but the incoming bits seems a bit illusive based on my research. Just looking for insight from anyone who has done this in a real-world situation so I can anticipate any hiccups that may arise...

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marius Gunnerud
VIP
VIP

‎05-28-2014 07:00 AM

Just for clarification, the ASA is not able to have route-maps.  that is router function.

Other than that, yes the inbound traffic will be more difficult.  The problem here will mainly be DNS.  Since your exchange and perhaps even web traffic will be going towards company.com, this name will be resolving to the ASA's outside interface.  So when the failover happens you would need to redirect those URLs to the new public IP. 

The best option here, would be to do it manually.  A pain, yes, but in my opinion the best option.

Another option, though I have never tried this, so am not 100% sure it will work and its use depends on your companies policies and a few other factors such as if the webserver and exchange server are on the same physical server.  You could use something like No-IP to dynamically update DNS records.  This is installed on the server..if i remember correctly...and it constantly checks in with its current IP and dynamically updates its public DNS record.

--

Please remember to select a correct answer and rate

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to Mojoman12345

‎05-29-2014 04:01 AM

Normally when you set up exchange on outlook, or access it through outlook web access...etc. you enter something like mail.company.com or mail.company.com/owa...or similar.  The domain name is you bought needs to be "pointed" at your public IP address so you are able to access that IP by using the URL.  These settings are found when you log into the website of the company you bought the domain from...normally.

So, If you want to use two different ISPs for redundancy, you would need to somehow redirect that email and web traffic to the second ISP when the primary ISP has failed.

When I say do it manually, I mean that you should go into the settings for your domain name and "point" the domain name to the backup ISP IP when there is a failover situation.

--

Please remember to select a correct answer and rate

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Marius Gunnerud
VIP
VIP

‎05-28-2014 07:00 AM

Just for clarification, the ASA is not able to have route-maps.  that is router function.

Other than that, yes the inbound traffic will be more difficult.  The problem here will mainly be DNS.  Since your exchange and perhaps even web traffic will be going towards company.com, this name will be resolving to the ASA's outside interface.  So when the failover happens you would need to redirect those URLs to the new public IP. 

The best option here, would be to do it manually.  A pain, yes, but in my opinion the best option.

Another option, though I have never tried this, so am not 100% sure it will work and its use depends on your companies policies and a few other factors such as if the webserver and exchange server are on the same physical server.  You could use something like No-IP to dynamically update DNS records.  This is installed on the server..if i remember correctly...and it constantly checks in with its current IP and dynamically updates its public DNS record.

--

Please remember to select a correct answer and rate

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
Mojoman12345
Level 1
Level 1
In response to Marius Gunnerud

‎05-29-2014 03:50 AM

Hi there Marius. Thanks for reply... When you were addressing the DNS portion of my issue, you said "The best option here, would be to do it manually"...what exactly does that mean?
0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to Mojoman12345

‎05-29-2014 04:01 AM

Normally when you set up exchange on outlook, or access it through outlook web access...etc. you enter something like mail.company.com or mail.company.com/owa...or similar.  The domain name is you bought needs to be "pointed" at your public IP address so you are able to access that IP by using the URL.  These settings are found when you log into the website of the company you bought the domain from...normally.

So, If you want to use two different ISPs for redundancy, you would need to somehow redirect that email and web traffic to the second ISP when the primary ISP has failed.

When I say do it manually, I mean that you should go into the settings for your domain name and "point" the domain name to the backup ISP IP when there is a failover situation.

--

Please remember to select a correct answer and rate

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card