carl_townshend
Frequent Contributor

please help with best solution, multihomed internet without BGP

Hello all

Can anyone help, I have 2 internet connections from 2 different providers, these 2 routers sit in front of my firewall.

At the moment only 1 router is used, the other is doing nothing.

The only thing we have is a Site to Site VPN which comes in over one of these links

What is the best way to get these links running, 1 primary and the other standby so they fail over automatically?

cheers

Carl

7 REPLIES
cadet alain
Advisor

Hi,

Use reliable static routing with enhanced object tracking: http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html

Regards.

Alain

Don't forget to rate helpful posts.


The problem is these 2 routers sit in front of my Checkpoint firewall so the firewall can't really do a lot, what do you suggest?

Should I join the 2 different ISP routers with HSRP?

What do you mean in front? These are not the border routers connected to ISPs?

Regards.

Alain

Don't forget to rate helpful posts.


Hi

I mean I have a router from ISP 1, ISP 2, these then connect to my firewall.

My firewall currently has a default route to ISP 1, all NAT is done on the firewall.

How can I get ISP 2 to work in a failover scenario?

cheers

Use both public IPs on the router, then add an interconnect /30 between router and firewall: 10.0.0.0/30.

You will do NAT on the router and traffic control (firewall) on the Checkpoint; this means you have to redo your existing configuration on the firewall.

Another solution: add an interconnect /30 between the Checkpoint DMZ port and the router, and whenever your primary ISP fails, Checkpoint will use a failover route through your router. In this case you can keep your existing configuration.

Hi

Would I have to do multiple NAT statements on the firewall for this?

Would this work OK as a failover if I put a metric on one of the default routes on the firewall?

Jeff Van Houten
Contributor

Checkpoint has a load balancing option for just this scenario.
