Solved

Dual Routers, Dual/Different ISPs and Two ASA one attached to each ISP

Posted on 2011-09-06
6
413 Views
Last Modified: 2012-05-12
We have dual routers attached to two different ISPs.  We also have two ASAs 5520 and 5510 behind each router.  We want to implement BGP for failover and redundancy.  We have L2L VPN's on both ASAs. How will BGP affect the secondary circuit that has the alternate ASA attached to it? In other words will the L2L VPN still be available on the secondary circuit after we have implemented BGP?  
0
Comment
  • 3
  • 2
6 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 36493114
I don't know about anybody else here, but I need a diagram to understand what you're trying to accomplish!
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 36495960
I'm confused also....    

If these 2 Circuits and ASAs are at different locations with no back end connectivity, then why use BGP?    The ASA's VPN crypto map match will catch the interesting traffic, encapsulate, and send across the VPN tunnel to the 2nd site.       ????    

0
 
ID: 36496232
Here is a diagram of what I am referring too.  Dual Router Two ISPs and 2 ASAs with L2L VPN
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 33

Expert Comment

by:MikeKane
ID: 36497190
That diagram doesn't help me much....    ARe the green and pink clouds ISPs?   I'm not sure how the L2L fit into this scenario since the networks seem to be connected between R1 and R2.    Where are the workstations?    ARe you trying to just get redundant outbound connectivity?  
0
 
ID: 36498013
The diagram above is multi-homed we have in our infrastructure two different ISPs Time Warner and Paetec.  Time Warner will be the preferred circuit when BGP is configured.  Paetec will be the failover circuit in the event that Time Warner becomes unavailable.  

What I am asking you is since we have site to site VPNs on both circuits will the BGP configuration affect the site to site VPN on the Paetec/Failover circuit?  Or do we simply need a static route on the Paetec ASA pointing to Outer Router 2?
0
 
LVL 33

Accepted Solution

by:
MikeKane earned 500 total points
ID: 36498129
Ah, now I understand the setup.    The BGP will not affect the L2L VPN since you have the preferences set.    When the SSI LAN initiates the outbound traffic, it will follow the BGP routing patch as needed.        IF an external client initiates the VPN traffic (I assume they have the failover peers setup on the customer end), then the client tries the 1st peer IP, then the 2nd in the event of an outage.      

Now, this is me talking through a forum without 100% understanding of the network, so check BGP and test the circuit with a simulated outage.   But I think that's all you need here.  

0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Routing between two networks? 10 50
Radius Debug Error 16 88
MAC address learning of Riverbed 4 41
ASA Tunnel 18 27
There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now