Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1133
Views
0
Helpful
7
Replies

please help with best solution, multihomed internet without BGP

carl_townshend
Spotlight
Spotlight

‎09-28-2012 02:15 AM - edited ‎03-04-2019 05:41 PM

Hello all

Canm anyone help, I have 2 internet connections from 2 different providers, these 2 routers sit infront of my firewall.

At the moment only 1 router is used, the other is doing nothing.

The only thing we have is a Site to Site VPN which comes in over one of these links

what is the best way to get these links running, 1 primary and the other standby so they failover automatically.

cheers

Carl

Labels:
0 Helpful
7 Replies 7

cadet alain
VIP Alumni
VIP Alumni

‎09-28-2012 02:20 AM

Hi,

use reliable static routing with enhanced object tracking: http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

carl_townshend
Spotlight
Spotlight
In response to cadet alain

‎09-28-2012 02:28 AM

The problem is these 2 routers sit infront of my checkpoint firewall so the firewall cant really do alot, what do you suggest ?

should I join the 2 different ISP routers with HSRP ?

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to carl_townshend

‎09-28-2012 02:38 AM

What do you mean in front? these are not the border routers connected to ISPs?

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

carl_townshend
Spotlight
Spotlight
In response to cadet alain

‎09-28-2012 07:36 AM

Hi

I mean a i have a router from ISP 1, ISP 2, these then connect to my firewall.

my firewall currently has a default route to ISP 1, all nat is done on the firewall.

how can i get ISP 2 to work in a failover scenario ?

cheers

0 Helpful

Florin Barhala
Level 6
Level 6
In response to carl_townshend

‎09-28-2012 09:32 AM

Use both public IP on the router then add an interconnect /30 between router&firewall: 10.0.0.0/30.

You will do NAT on the router and traffic-control (firewall) on the Checkpoint; this mean you have to redo your existing configuration on the firewall.

Another solution add an interconnect /30 between checkpoint dmz port and router and whenever your primary ISP fails, checkpoint will use a failover route through your router. In this case you can keep your existing configuration.

0 Helpful

carl_townshend
Spotlight
Spotlight
In response to Florin Barhala

‎09-30-2012 09:02 AM

Hi

would I have to do multiple nat statements on the firewall for this ?

would this work ok as a failover if I put a metric on one of the default routes on the firewall ?

0 Helpful

Jeff Van Houten
Level 5
Level 5

‎09-30-2012 01:45 PM

Checkpoint has a load balancing option for just this scenario.

Sent from Cisco Technical Support iPad App

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card