Cisco Router Guru - Complex Multi-ISP Configuration

Posted on 2009-04-18
Last Modified: 2012-05-06
I have a customer who wants redundancy with multiple ISP connections. I am very familiar with how to configure a single ISP connection (with Cisco router) with one or more Global IP addresses, with NAT and overloaded NAT (PAT), I know how to configure GRE tunnels, and access-lists, but what I need is how to configure the following:

- Cisco 2811 12.4(3c), 4 x FastEthernet, 256mb
- ISP #1, Static IPs, gw:, 5 usable .42 -> .46 (DS3, 45mbps/45mbps - BGP with #2)
- ISP #2, Static IPs, gw:, 5 usable .66 -> .70 (Fiber, 20mbps/5mbps - BGP with #1)
- ISP #3, Static IPs, gw:, 5 usable .82 -> .86 (Cable, 8mbps/1mbps - No BGP avail)
- ISP #4, Static IPs, gw:, 1 usable .94 (DSL, 4mbps/384kbps - No BGP avail)
- ISP #5, Dynamic IP, single IP (Aircard, 1mbps)

- -> (ports 80, 443)
- -> (ports 25, 110)
- -> (ports 3389, GRE)

Router Interface:
- FastEthernet 1 ->
- FastEthernet 2 ->
- FastEthernet 3 ->
- FastEthernet 4 ->

- ISP #1 and #2 to use BGP to resolve each others routing path to client (I know this is something that has to be arranged with ISP #1 and #2)
- ISP #3 has 5 global IP, but no BGP
- ISP #4 has only 1 global IP, and no BGP
- Is it possible to configure a higher routing metric value during BGP configuration to send traffic to and traffic to ??
- ISP #5 will never be used for inbound traffic
- Outbound traffic needs to return by whatever path it came in on (is this necessary??)
- If ISP #1, 2, 3, and 4 are all down, then outbound traffic will use ISP #5 (on demand aircard on different router)
- GRE Tunnels exist between 2 remote sites, with Cisco routers, (Lan and (Lan
- Local Lan is
- Tunnel traffic between local lan ( and tunnels ( and should live as long as at least one WAN interface is up
- Aircard (for outbound traffic if ISP #1, #2, #3, #4 down) is on Lan & so all outbound traffic should be sent to this IP only if all 4 of the WAN interfaces are down (the aircard is connected to its own router with NAT)

End result:
- If at least one WAN interface is up, all inbound/outbound traffic and GRE tunnel traffic will flow normally, without interruption - even if the main ISP goes down, traffic will continue, automatically & must check for keep-alive (or something), because cannot depend on interface getting a down status from ISP & it may just stop passing traffic

I know this is a rather complex configuration, but a 2 ISP scenario is probably common. If there are any routing gurus who have done this, or similar, it would really help me, and possibly others, if you know a solution to this. Many (many) thanks in advance.

Question by:mmexchange

    Accepted Solution

    If you build a static NAT for each server and each ISP, you can take care of most of this. You put 4 IP addresses on each server. NAT one ISP to each server IP, and then use route maps to get the response back out the correct port. I have a 2 ISP example here. The GRE traffic will be a little more difficult unless you have 5 IP addresses on the remote side. Then you static a route to each IP address out a different ISP. Build the 5 tunnels. You can do demand interfaces for the tunnels but I hate them. Just set the delay so high on the other connections that they are not used. Then run EIGRP. If the tunnel is unreachable it will remove it from the table. As for the ISP interface going down you can use tracking.
    You might want to read all the entries I have there. If you can get through the first few steps and post some configuration samples I can help more.
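
The approach in the accepted answer, cut down to two ISPs and one server, as an added example that is not the answerer's linked configuration. All addresses are constructed (documentation ranges), the interface names and the route-map name RETURN-PATH are hypothetical, and the IP SLA keywords are the `ip sla monitor` form used by 12.4 mainline, which differs in later releases.

```cisco
! Constructed values: ISP A 198.51.100.0/29 (gw .1), ISP B 203.0.113.0/29 (gw .1),
! LAN 10.0.0.0/24, probe target 192.0.2.1. Interface names are hypothetical.
interface FastEthernet0/0
 description ISP A
 ip address 198.51.100.2 255.255.255.248
 ip nat outside
!
interface FastEthernet0/1
 description ISP B
 ip address 203.0.113.2 255.255.255.248
 ip nat outside
!
interface FastEthernet1/0
 description LAN
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ! Policy-route replies from the servers before NAT is applied
 ip policy route-map RETURN-PATH
!
! The server carries one inside address per ISP (.11 for A, .12 for B)
ip nat inside source static 10.0.0.11 198.51.100.3
ip nat inside source static 10.0.0.12 203.0.113.3
!
access-list 111 permit ip host 10.0.0.11 any
access-list 112 permit ip host 10.0.0.12 any
!
! A reply sourced from .11 leaves via ISP A, from .12 via ISP B,
! so each session returns through the ISP it arrived on
route-map RETURN-PATH permit 10
 match ip address 111
 set ip next-hop 198.51.100.1
route-map RETURN-PATH permit 20
 match ip address 112
 set ip next-hop 203.0.113.1
!
! Tracking: probe a host beyond ISP A instead of trusting link state
ip sla monitor 1
 type echo protocol ipIcmpEcho 192.0.2.1 source-interface FastEthernet0/0
 frequency 10
ip sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
!
! Pin the probe to ISP A, then let the tracked default fall back to ISP B
ip route 192.0.2.1 255.255.255.255 198.51.100.1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 1
ip route 0.0.0.0 0.0.0.0 203.0.113.1 10
```

A one-to-one static NAT forwards every port to the server, so an inbound access-list on each outside interface is still needed to limit exposure to the ports listed in the question.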
