Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
961
Views
0
Helpful
4
Replies

redundant ISP configuration

onyx_oyin
Level 1
Level 1

‎06-25-2013 03:22 AM


Hi, I have configured a VPN client via ISP one on a Cisco ASA, however the client wants me to configure a backup ISP on the same ASA. I am not clear on how to go about this for example each ISP has its own set of client LAN IPs as well as different WAN ips.
Sent from Cisco Technical Support iPad App

Labels:
0 Helpful
4 Replies 4

sayrmatics
Level 1
Level 1

‎06-29-2013 09:20 AM

Hi

Can you describe your setup in a bit more details? Is this remote access or L2L IPSec or SSL VPN? Are you directly peering with the ISPs off the ASA or are there separate WAN edge routers/firewalls?

Thanks

0 Helpful

onyx_oyin
Level 1
Level 1
In response to sayrmatics

‎06-30-2013 02:01 PM

The scenario is this I use VPN clients from two different ISPs to connect to some servers in another organization.

ISP 1 has a router in my premises with its block of IPs to be used by my VPN clients

ISP 2 also has a router In. My premises with a diff block of ips to be used by the same VPN clients if the first ISP fails. I expect to manually change the IPs on the client machine to the block of IPs belonging to ISP 2.
My confusion is this I already have configured inside and outside interfaces on the ASAfor the ISP 1. My thinking is I have to also configure inside and outside interfaces for ISP two since the inside addresses for both ISPs are different. Then I can apply IP sla tracking?


I hope you understand the question better now

0 Helpful

sayrmatics
Level 1
Level 1
In response to sayrmatics

‎07-01-2013 02:24 PM

Your encryption domain (client PCs on your LAN connecting to the remote servers) should not have to change regardless of which ISP you use. Can't see any technical benefits of re-addressing your internal network when you change ISPs...unless there is a "political" or regulatory reason for doing that. And if there is any insistence from any quarters, that is exactly what NATs are for.

Best off going with the IP SLA monitoring option below with address translation as required...

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni

‎06-30-2013 01:21 AM

Hello Mojoyinola,

You could go with IP-SLA monitoring for this

Check this out:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Remember to rate all of the helpful posts.

For this community that's as important as a thanks.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents