Dual Routers, Dual/Different ISPs and Two ASA one attached to each ISP

Posted on 2011-09-06
Medium Priority
Last Modified: 2012-05-12
We have dual routers attached to two different ISPs.  We also have two ASAs 5520 and 5510 behind each router.  We want to implement BGP for failover and redundancy.  We have L2L VPN's on both ASAs. How will BGP affect the secondary circuit that has the alternate ASA attached to it? In other words will the L2L VPN still be available on the secondary circuit after we have implemented BGP?  
  • 3
  • 2
LVL 18

Expert Comment

ID: 36493114
I don't know about anybody else here, but I need a diagram to understand what you're trying to accomplish!
LVL 33

Expert Comment

ID: 36495960
I'm confused also....    

If these 2 Circuits and ASAs are at different locations with no back end connectivity, then why use BGP?    The ASA's VPN crypto map match will catch the interesting traffic, encapsulate, and send across the VPN tunnel to the 2nd site.       ????    

ID: 36496232
Here is a diagram of what I am referring too.  Dual Router Two ISPs and 2 ASAs with L2L VPN
IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

LVL 33

Expert Comment

ID: 36497190
That diagram doesn't help me much....    ARe the green and pink clouds ISPs?   I'm not sure how the L2L fit into this scenario since the networks seem to be connected between R1 and R2.    Where are the workstations?    ARe you trying to just get redundant outbound connectivity?  
ID: 36498013
The diagram above is multi-homed we have in our infrastructure two different ISPs Time Warner and Paetec.  Time Warner will be the preferred circuit when BGP is configured.  Paetec will be the failover circuit in the event that Time Warner becomes unavailable.  

What I am asking you is since we have site to site VPNs on both circuits will the BGP configuration affect the site to site VPN on the Paetec/Failover circuit?  Or do we simply need a static route on the Paetec ASA pointing to Outer Router 2?
LVL 33

Accepted Solution

MikeKane earned 2000 total points
ID: 36498129
Ah, now I understand the setup.    The BGP will not affect the L2L VPN since you have the preferences set.    When the SSI LAN initiates the outbound traffic, it will follow the BGP routing patch as needed.        IF an external client initiates the VPN traffic (I assume they have the failover peers setup on the customer end), then the client tries the 1st peer IP, then the 2nd in the event of an outage.      

Now, this is me talking through a forum without 100% understanding of the network, so check BGP and test the circuit with a simulated outage.   But I think that's all you need here.  


Featured Post

Become a Leader in Data Analytics

Gain the power to turn raw data into better business decisions and outcomes in your industry. Transform your career future by earning your MS in Data Analytics. WGU’s MSDA program curriculum features IT certifications from Oracle and SAS.  

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

586 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question