Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1182
Views
0
Helpful
5
Replies

Multihoming using dual ISP connection to internet edge

chris henderson
Level 1
Level 1

‎11-07-2018 01:38 PM - edited ‎03-10-2019 01:07 AM

i am trying to firm up the best configuration and design at the IE with dual ISP connects . 

 

i have DUAL IE routers and dual ISPs will connect to each router . 

Each IE router will have dual connects back into my internal FTD (where my public IPs and NAT sits )

 

what is the best design and configuration approach to achieve this 

 

(EBGP at IE)

(do i use iBGP , VSS ,HSRP between routers )

(do i use BGP internally to FTD or static ) HA A/S

 

your thoughts welcomed . 

 

regards ,

Chris Henderson 

Labels:
0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎11-07-2018 01:45 PM

Basic questions :

 

1. Do you like to use both the Links Active / Active ISP connections.

2. Do your provider offer any BGP or static ?

3. what kind of Switch you have between Routers and FTD 

4. how is your exiting network diagram ( or is this green Field ) ?

5. Do you have Dual FTD to cluster or Active / Standby ?

 

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

chris henderson
Level 1
Level 1
In response to balaji.bandi

‎11-07-2018 04:42 PM

all great questions bb and denis i uploaded an example diagram for your view 

 

no switch between IE and FTD ( IE router had 10g sw ports)

both ISPs active / active ( i am thinking ebgp with PFR)

FTD is active standby ( i am also thinking this is where customer plublic IPs will exists and NAT)

 

Preview file
19 KB
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to chris henderson

‎11-08-2018 07:46 AM

FTD is active standby ( i am also thinking this is where customer plublic IPs will exists and NAT)

 

In the above question do you host Services which required NAT Public to Private IP to inside ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

chris henderson
Level 1
Level 1
In response to balaji.bandi

‎11-08-2018 08:22 AM

hey yes the FTD will have the customer internal networks and NAT for external browsing as an example 

0 Helpful

Dennis Mink
VIP Alumni
VIP Alumni

‎11-07-2018 02:26 PM

use your FTD's in HA configuration. with two routers in front of it; on to each ISP.  if your ISP's support bgp, then peer eBGP and advertise your public range out of both, tweak metric using AS path prepend to make one ISP more preferred over the other.  

 

this question is asked very often so there is plenty docco on the subject here on the forum

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful
Customers Also Viewed These Support Documents