01-28-2010 12:01 AM - edited 03-04-2019 07:19 AM
Hi,
I have 2 Cisco ASA5510 in Active - Standby mode, whose outside interfaces are connected to a switch, to which a Cisco 2811 FastEthernet is also connected. The Cisco 2811 has one more FastEthernet, which is connected to ISP 1, and the router's ATM interface (ADSL) is connected to ISP 2.
My requirement is that the DMZ to Outside traffic should go through ISP 1, failing which it should switch over to ISP 2. All the traffic from Inside to Outside should take a primary route through ISP 2 (ADSL), failing which it should take a route through ISP 1.
(There is a single point of failure at switch and router level.)
As far as I know I need to configure PBR, but I do not know exactly how to do it.....
Can anyone help me...
Regards,
01-28-2010 01:13 AM
Hi,
For your scenario PBR will do the trick. Configure a route map with the selected source IP address to move to the selected destination link, and check out the link below on PBR for a clear view of how to configure PBR in Cisco routers.
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009481d.shtml
Hope to help
Ganesh.H
01-28-2010 02:17 AM
Thank you Mr.ganesh....
Regards,
S.Venkataraman
01-28-2010 02:33 AM
Hi Venkataraman,
That's great that the above post has helped you. If it was really helpful, do rate the valuable post, and if resolved, mark the thread as resolved so that others get benefited.
Ganesh.H
11-30-2011 01:29 AM
Dear Ganesh,
I have one problem in one of my network setups.
In that location there is a Cisco 1841 router with two ISPs with BGP.
One ISP is BSNL and the other one is TATA. BSNL is connected on the serial port and TATA is connected on the Fast Ethernet port.
We are using BSNL as primary and TATA as backup. When the BSNL line is cut, traffic should move to TATA, and after the BSNL line comes back it should automatically switch over from TATA to BSNL.
Is it possible?
Can anyone help me?
01-28-2010 02:57 AM
Dear Sir,
Please check the below configuration.
While configuring routes you can make one of the routes with high AD so that it will be the primary route.
Dual-homed environments with different ISPs have usually meant that BGP must be used and that both ISPs must support BGP routing. Throughout this tutorial, I will show you how you can have multiple ISPs without BGP or provider independent IP addresses. Tracking objects provide a means of removing static routes if the ISP cannot be contacted.
Here is a small drawing:
hostname Router
!
ip cef
!####Establish sla monitors for use in tracking objects####!
ip sla monitor 1
 type echo protocol ipIcmpEcho 12.34.45.1
 threshold 3
 frequency 5
ip sla monitor schedule 1 life forever start-time now
! Monitor 2 probes the ISP2 next hop used by the tracked default route below
ip sla monitor 2
 type echo protocol ipIcmpEcho 23.45.67.1
 threshold 3
 frequency 5
ip sla monitor schedule 2 life forever start-time now
!
!####Configure Tracking objects (referencing IP SLA monitors above)####!
track 101 rtr 1 reachability
!
track 102 rtr 2 reachability
!
!####Configure Interfaces with NAT####!
interface FastEthernet0
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
!
interface s0/0
 ip address 12.34.45.2 255.255.255.0
 ip nat outside
!
interface s0/1
 ip address 23.45.67.2 255.255.255.0
 ip nat outside
!
ip classless
!####Configure gateway of last resort with tracking objects####!
ip route 0.0.0.0 0.0.0.0 12.34.45.1 track 101
ip route 0.0.0.0 0.0.0.0 23.45.67.1 track 102
!####Configure NAT statements for most outbound traffic####!
ip nat inside source route-map ISP1 interface s0/0 overload
ip nat inside source route-map ISP2 interface s0/1 overload
!####Configure NAT statements for your mail server####!
!(remember to setup dns for mail on both public IP addresses)!
ip nat inside source static tcp 192.168.1.10 25 12.34.45.2 25 route-map ISP1 extendable
ip nat inside source static tcp 192.168.1.10 25 23.45.67.2 25 route-map ISP2 extendable
!
access-list 10 permit 192.168.1.0 0.0.0.255
!
!####Configure route maps for reference in NAT statements####!
route-map ISP2 permit 10
 match ip address 10
 match interface s0/1
!
route-map ISP1 permit 10
 match ip address 10
 match interface s0/0
!
Regards
Arulkumar
05-08-2011 06:11 PM
Thanks for your answer. I will try it on my router and tell you later, thanks.
03-25-2013 03:34 AM
track 10 ip sla 1 reachability
!
track 20 ip sla 2 reachability
!
interface FastEthernet0/0
 description WAN-LINK
 ip address 119.82.98.50 255.255.255.240 secondary
 ip address 202.62.62.122 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description LOCAL-LAN
 ip address 202.62.62.97 255.255.255.248 secondary
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 202.62.62.121 track 10
ip route 0.0.0.0 0.0.0.0 119.82.98.49 track 20
ip route 0.0.0.0 0.0.0.0 202.62.62.121
ip nat inside source list DATA interface FastEthernet0/0 overload
ip nat inside source route-map CITY interface FastEthernet0/0 overload
ip nat inside source route-map SPECTRA interface FastEthernet0/0 overload
ip access-list standard DATA
 permit 192.168.0.0 0.0.0.255
ip sla 1
 icmp-echo 202.62.77.121
 threshold 3
 frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 119.82.98.49
 threshold 3
 frequency 5
ip sla schedule 2 life forever start-time now
route-map CITY permit 10
 match ip address DATA
 match interface FastEthernet0/0
!
route-map SPECTRA permit 10
 match ip address DATA
 match interface FastEthernet0/0
Hi Guys,
I have done the configuration like this.
I was able to use the public IPs of the secondary link, but I am unable to access the internet through local IP addresses when the first is down. I have given four DNS server IP addresses also.
Can anyone please give me the solution for this one? It would be a great help for me.
Thanks,
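A consistency check for the tracked-default-route failover pattern used in the router configurations posted in this thread, as an added example that is not part of any post: it parses both the `ip sla monitor` / `track ... rtr` and the `ip sla` / `track ... ip sla` forms seen above, reports which default route wins when given probe targets stop answering, and flags routes that no probe can withdraw or whose probe watches a host other than the next hop. The sample configuration, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample (documentation addresses). Planted flaws: probe 2 targets a
# host other than the ISP2 next hop, and the last default route has no track.
SAMPLE = """\
ip sla 1
 icmp-echo 192.0.2.1
ip sla 2
 icmp-echo 203.0.113.1
track 10 ip sla 1 reachability
track 20 ip sla 2 reachability
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 10
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10 track 20
ip route 0.0.0.0 0.0.0.0 198.51.100.254 200
"""
ROUTE = re.compile(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: (\d+))?(?: track (\d+))?$")

def parse(config):
    """Return (probes, tracks, routes); a route is (next_hop, distance, track or None)."""
    probes, tracks, routes, cur = {}, {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip sla (?:monitor )?(\d+)$", line):
            cur = int(m[1])
        elif (m := re.match(r"(?:icmp-echo|type echo protocol ipIcmpEcho) (\S+)", line)) and cur:
            probes[cur] = m[1]
        elif m := re.match(r"track (\d+) (?:ip sla|rtr) (\d+) reachability", line):
            tracks[int(m[1])] = int(m[2])
        elif m := ROUTE.match(line):
            routes.append((m[1], int(m[2] or 1), int(m[3]) if m[3] else None))
    return probes, tracks, routes

def active_defaults(config, failed=()):
    """Next hops of the winning default route(s) when probes to `failed` targets fail.
    A track with no resolvable probe is treated as down (assumption of this example)."""
    probes, tracks, routes = parse(config)
    up = [(hop, ad) for hop, ad, trk in routes
          if trk is None or ((t := probes.get(tracks.get(trk))) and t not in failed)]
    best = min((ad for _, ad in up), default=None)
    return [hop for hop, ad in up if ad == best]

def audit(config):
    """Flag default routes no probe can withdraw, or whose probe watches another host."""
    probes, tracks, routes = parse(config)
    findings = []
    for hop, _, trk in routes:
        target = probes.get(tracks.get(trk))
        if trk is None:
            findings.append(f"{hop}: untracked, no probe can withdraw it")
        elif target != hop:
            findings.append(f"{hop}: track {trk} probes {target}, not the next hop")
    return findings
```

A probe aimed beyond the next hop can be legitimate, but it follows the routing table unless it is pinned to the link it is meant to test, so treat that finding as a prompt to review rather than an error.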