Second ISP Circuit

Posted on 2008-11-12
Last Modified: 2012-05-05
We currently have one main ISP circuit coming into our data center.  It goes to a Catalyst 2950 which is the Internet switch and then to an ASA 5540 and a 6509 that does all layer 3 routing.  A second ISP circuit has been installed for backup purposes and I am trying to decide how best to set it up.  I have an additional ASA 5540 plus extra switches and routers that are not in use and can be used if needed.  I want the internal network to stay the same, just with the ability to flip outbound traffic out the different gateway if needed and also would be setting up additional A records using the new ISP public IPs mapped to our internal servers such as the e-mail server and web server so that if the main circuit goes down, incoming traffic still transparently comes through via the second circuit.

Has anyone done, or is doing this sort of scenario?
Question by: NRL71

    Accepted Solution


    Expert Comment

    As an idea,

    Use a bonder to join the 2 links together, this gives you more bandwidth all the time, and provides fail over in that if one dies the other is still up and running.  
    There is a free solution at
    Have a look and see if it meets your needs?


    Assisted Solution

    The following comments assume that your 2nd circuit utilizes a 2nd ISP. If that's not correct please let me know.

    Moving outbound traffic out the 2nd gateway is pretty easy. You can do this with floating static routes, HSRP, SAA object tracking, etc.

    But your bigger problem is changing DNS records for the inbound traffic you apparently have. Changing DNS records takes not only manual effort, but hours of propagation time. Do you have your own IP address space, or are you using private RFC 1918 addressing, or are you using public address space provided by the first ISP? The only really effective way to manage inbound traffic is to have your own address space that you can advertise to both ISPs via BGP. This is only required for the public-access servers you have but it provides consistent addressing regardless of ISP.
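
An added example, not part of the original answers: a sketch of the floating static route with object tracking mentioned above, as it could look on the layer 3 device (Cisco IOS syntax). All addresses are constructed, and the layout (each ASA's inside interface as a next hop from the 6509) is an assumption.

```cisco
! Added example. All addresses below are constructed assumptions:
!   10.0.0.1   inside address of the primary ASA (ISP 1 path)
!   10.0.0.2   inside address of the second ASA (ISP 2 path)
!   192.0.2.1  a probe target that is reachable through ISP 1
!
! Pin the probe target to the primary path, so the probe keeps testing
! ISP 1 even after the default route has moved to the backup. Without
! this, the probe would succeed via ISP 2 and the routes would flap.
ip route 192.0.2.1 255.255.255.255 10.0.0.1
!
! ICMP echo probe toward the target, sent every 10 seconds.
ip sla 1
 icmp-echo 192.0.2.1
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Tracked object follows the probe's reachability. The delays damp
! short outages so a single lost probe does not move the default route.
track 1 ip sla 1 reachability
 delay down 20 up 60
!
! Primary default route: installed only while track 1 is up.
ip route 0.0.0.0 0.0.0.0 10.0.0.1 track 1
!
! Floating static route: administrative distance 250 keeps it out of
! the routing table until the tracked primary route is withdrawn.
ip route 0.0.0.0 0.0.0.0 10.0.0.2 250
```

The exact keywords vary by IOS release, so check them against the command reference for the image in use. This covers outbound traffic only; inbound reachability is the DNS/BGP question raised in the answer above.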
