C1116-4P Metered Routes

Keegan Santos
Level 1

Hello Everyone,

I'm looking at getting the C1116-4P for a branch office. This office will have a layer 2 point to point connection provided by the ISP back to the HQ. One of the ideas being entertained as well is to have a separate Internet connection in addition to this point to point link, in case HQ goes down. My question is, are you able to configure metered routes on the C1116-4P so that if the gateway at HQ becomes unresponsive it switches over to a secondary one, and then switches back when it becomes responsive again?

Also my method of achieving this would be

Router port 1 ----> isp point to point uplink device

Router port 2 ----> FPR1010 connected to standalone internet connection

Configure router to use gateway reachable on port 1 as standard default gateway, will fall back to gateway connected to port 2 if anything goes wrong.

I have the FPR in the mix because I'm not sure if I would be able to do just forwarding with no NAT on one interface, then start NAT'ing everything should the main gateway go down.

If I can make anything clearer let me know. Thank you.

1 Accepted Solution

Then in that case - you will configure on FTD NAT for the LAN IP to reach internet.

IP route and IP SLA will work.

https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/200785-ISP-Failover-with-default-routes-using-I.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help
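
The "IP route and IP SLA" approach from the accepted answer, sketched as an added IOS configuration example (not part of the original reply and not taken from the linked Cisco document). All addresses are constructed from the RFC 5737 documentation ranges, and the SLA/track numbers, timers and administrative distance are assumptions to adapt.

```cisco
! Constructed addresses (assumptions, not from the thread):
!   192.0.2.1     HQ gateway across the point-to-point link (primary next hop)
!   192.0.2.2     this router's own address on the point-to-point link
!   198.51.100.1  FPR1010 inside address (backup next hop; the FPR performs NAT)

! Probe the HQ gateway every 5 seconds, sourced from the point-to-point side
ip sla 1
 icmp-echo 192.0.2.1 source-ip 192.0.2.2
 threshold 1000
 timeout 1000
 frequency 5
ip sla schedule 1 life forever start-time now

! Track object follows the probe result; the delays damp route flapping
track 1 ip sla 1 reachability
 delay down 15 up 60

! Primary default route stays installed only while track 1 is up
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1

! Floating backup route (administrative distance 10) toward the FPR1010;
! it enters the routing table only when the tracked route is withdrawn
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10
```

`show track 1` and `show ip route 0.0.0.0` confirm which next hop is active. Because the probe target sits on the directly connected point-to-point subnet, the probe never rides the backup route, so the primary default returns only once the HQ gateway itself answers again.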

3 Replies

balaji.bandi
Hall of Fame

You can use IP SLA to track the link and fail over to Port2.

The question here is: with the FTD connected on Port2, does this already have a VPN or another means to connect to your HQ?

Yes, you need NAT (but if the FTD already has a VPN, they can use the VPN to reach HQ?)

BB


A VPN wouldn't be needed in this case as the only time it would switch to the secondary gateway is if HQ goes down, and if they are down then a VPN can't be established anyways.  During normal operation there would be no VPN, this is a direct point to point link between the two locations (in the practical sense anyways).  The firewall and secondary internet connection would only provide an internet connection in the case of HQ going down, it would provide no other connectivity.
