
please help with best solution, multihomed internet without BGP

Hello all

Can anyone help? I have 2 internet connections from 2 different providers; these 2 routers sit in front of my firewall.

At the moment only 1 router is used, the other is doing nothing.

The only thing we have is a Site to Site VPN which comes in over one of these links.

What is the best way to get these links running, 1 primary and the other standby, so they fail over automatically?

cheers

Carl

7 REPLIES 7
Hi,

Use reliable static routing with enhanced object tracking: http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html

Regards.

Alain

Don't forget to rate helpful posts.
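
The reliable static routing approach suggested above, as an added example that is not part of the original post or of the linked guide: an IOS configuration for a router that holds both default routes. All addresses, the interface name and the probe target are constructed placeholders, and the `ip sla` syntax of later IOS releases is assumed (older releases use different keywords for the probe).

```cisco
! Constructed placeholders:
!   192.0.2.1      primary ISP next hop
!   203.0.113.1    standby ISP next hop
!   198.51.100.10  probe target reachable only through the primary ISP
!
! ICMP probe that tests the primary path end to end, not just link state
ip sla 1
 icmp-echo 198.51.100.10 source-interface GigabitEthernet0/0
 timeout 1000
 threshold 1000
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Tracked object follows probe reachability; delays damp flapping
track 1 ip sla 1 reachability
 delay down 15 up 30
!
! Pin the probe to the primary next hop so it cannot succeed over the standby link
ip route 198.51.100.10 255.255.255.255 192.0.2.1
!
! Primary default route, installed only while track 1 is up
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1
! Floating standby default route, used when the tracked route is withdrawn
ip route 0.0.0.0 0.0.0.0 203.0.113.1 250
```

`show track 1` and `show ip route 0.0.0.0` confirm which default route is installed. A site-to-site VPN that terminates on the primary link's public address will only re-establish after failover if the remote peer is also configured for the standby address.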


The problem is these 2 routers sit in front of my Checkpoint firewall, so the firewall can't really do a lot. What do you suggest?

Should I join the 2 different ISP routers with HSRP?


What do you mean in front? These are not the border routers connected to ISPs?

Regards.

Alain

Don't forget to rate helpful posts.


Hi

I mean I have a router from ISP 1, ISP 2; these then connect to my firewall.

My firewall currently has a default route to ISP 1; all NAT is done on the firewall.

How can I get ISP 2 to work in a failover scenario?

Cheers


Use both public IPs on the router, then add an interconnect /30 between router and firewall: 10.0.0.0/30.

You will do NAT on the router and traffic control (firewall) on the Checkpoint; this means you have to redo your existing configuration on the firewall.

Another solution: add an interconnect /30 between the Checkpoint DMZ port and the router, and whenever your primary ISP fails, the Checkpoint will use a failover route through your router. In this case you can keep your existing configuration.


Hi

Would I have to do multiple NAT statements on the firewall for this?

Would this work OK as a failover if I put a metric on one of the default routes on the firewall?


Checkpoint has a load balancing option for just this scenario.
