Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
269
Views
4
Helpful
11
Replies

Dual ISP wan failover with Public IP

Adcom911
Level 1
Level 1

‎07-18-2025 10:00 AM

Hello,

We recently had a failover test between between our ISP 1 and ISP 2. The failover portion worked fine via the IP sla's but we were unable to pass traffic through ISP 2. I believe the issue is due to the switch we have the ISP connections coming in on we have the public IP from ISP 1 as the svi between the switch and FTD outside interface. So thus im assuming when we failover to ISP 2 that svi from ISP 1 causes the traffic to be unroutable as ISP 2 is unaware of it.  To solve this would we need a new public IP from ISP 2 to use on vlan 2 and a second outside interface on our FTD? Or is there another way to get this dual wan solution working while keeping vlan 1 public ip in place? Maybe natting between isp 1 and 2? 

 

DualSPDiagram.png

Labels:
0 Helpful
11 Replies 11

MHM Cisco World
VIP
VIP

‎07-18-2025 10:08 AM

There is no NAT in l3 SW?

MHM

0 Helpful

Adcom911
Level 1
Level 1
In response to MHM Cisco World

‎07-18-2025 10:12 AM

Hello! Currently there is no NAT on the Switch 

0 Helpful

MHM Cisco World
VIP
VIP
In response to Adcom911

‎07-18-2025 10:17 AM

Ftd do NAT ? 

Both ISP know vlan1 subnet?

MHM

0 Helpful

Adcom911
Level 1
Level 1
In response to MHM Cisco World

‎07-18-2025 10:26 AM

FTD does nat and im assuming ISP 2 doesn't know about vlan 1 subnet due to it not working. 

MHM Cisco World
VIP
VIP
In response to Adcom911

‎07-18-2025 10:30 AM

You find solution.

ISP2 need to know vlan1 subnet to make retrun back traffic work.

MHM

Adcom911
Level 1
Level 1
In response to MHM Cisco World

‎07-18-2025 10:34 AM - edited ‎07-18-2025 10:36 AM

Gotcha, so dumb question just call ISP2 and say hey can you make a static pointing to that subnet? 

Edit: Well they can't point a static since it would direct traffic to a backup port thats not in use....So they just would need to advertise the network on their side possibly? 

MHM Cisco World
VIP
VIP
In response to Adcom911

‎07-18-2025 10:37 AM

Correct' this will solved your issue.

MHM

0 Helpful

Adcom911
Level 1
Level 1
In response to MHM Cisco World

‎07-18-2025 10:49 AM

Thank you! I will reach out to ISP 2 and see if thats possible. 

0 Helpful

paul driver
VIP
VIP

‎07-18-2025 10:40 AM

Hello
I would say make that switch a L2 transit switch, and relocate both of your ISP PIPs on to the FW, from there you can LB across both ISPs with NAT redundancy, no need to call any ISP for additional allocation, in fact you will have a spare 150.x.x.x. to play with.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Adcom911
Level 1
Level 1
In response to paul driver

‎07-18-2025 10:48 AM

I kind of like that solution. How would you do NAT redundancy? I'm not familiar with that technique 

DUALSISP2.png

0 Helpful

paul driver
VIP
VIP
In response to Adcom911

‎07-18-2025 11:15 AM

Hello
That would depend on the make/model of the FWs tbh..  the above design would be applicable though in fact we have a couple of customers running similar on Palo Altos.

Example
dual FWs in Active/passive or active/active modes, sharing the ISPs addressing, this should will allow high availability so to utilise both wan circuits at the same time (if required) if you do also want to use a wan transit switch just need to be aware that could be a single point of failure unless you have a stack.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents