Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
391
Views
10
Helpful
6
Replies

anyconnect remote vpn

bluesea2010
Level 5
Level 5

‎07-06-2022 10:46 PM

Hi,

I have two service providers and I dont'have own  public ip's.

If one isp fails I want to failover to other isp's ,how can I do that 

Thanks

 

0 Helpful
6 Replies 6

Kasun Bandara
VIP
VIP

‎07-06-2022 10:48 PM

you can use dynamic DNS to resolve public IPs to anyconnect clients and use domain name in clients to connect.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

bluesea2010
Level 5
Level 5
In response to Kasun Bandara

‎07-06-2022 10:55 PM

Hi @Kasun Bandara 

 

If I have two isp's  ,if I want to send internet traffic (from lan to internet )to both isp's ,How  can I do that ?

Thanks

 

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to bluesea2010

‎07-07-2022 12:01 AM

 

If I have two isp's  ,if I want to send internet traffic (from lan to internet )to both isp's ,How  can I do that ?

The below thread help you :

https://community.cisco.com/t5/routing/load-balancing-and-failover-for-isp-links/td-p/4037409

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Kasun Bandara
VIP
VIP
In response to bluesea2010

‎07-07-2022 12:54 AM

can you share some topology about your network? 

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB
0 Helpful

Aref Alsouqi
VIP
VIP

‎07-07-2022 10:05 AM

As @Kasun Bandara mentioned, please share your topology because it depends on how your topology looks like we would be able to suggest the best solution. In the meantime, if you have an ASA then you can't configure two equal default static routes pointing to two different interfaces, which kinda become problematic to achieve a real load balancing in that case. However, if you have router that is connected to both ISPs then that is easy as you can configure the two static routes on the router.

0 Helpful

sadavir.sampath
Level 1
Level 1

‎07-07-2022 03:29 PM

Hi,
-For load balancing, you need only to put 2 default route:
Ex:
ip route 0.0.0.0 0.0.0.0 10.0.1.1 name Provider1
ip route 0.0.0.0 0.0.0.0 10.0.2.1 name Provider2
You don't need no more
Rem: For a complete configuration, you should manage DNS with "DNS VIEW" command if you use the DNS server of the providers.
But in most cases, the use of a public DNS (in your DHCP service) will work.

-For Failover
If you want to manage the failover, you have to uses Cisco SLA and TRACK technology.
A Sample:
track 1 ip sla 1 reachability
!
ip sla 1
 icmp-echo 8.8.8.8 source-ip IP_Of_YOUR_INTF_CONNECTED_TO_PROVIDER_BOX
!
ip sla schedule 1 life forever start-time now
!
ip route 0.0.0.0 0.0.0.0 10.0.1.1 track 1  name PrimaryWanProvider
ip route 0.0.0.0 0.0.0.0 10.0.2.1 10 name BackupWanProvider
(This sample assume the NAT is done by the boxes/routers of the providers)

Hope that will help you

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents