?
Solved

Dual Routers, Dual/Different ISPs and Two ASA one attached to each ISP

Posted on 2011-09-06
6
Medium Priority
?
425 Views
Last Modified: 2012-05-12
We have dual routers attached to two different ISPs.  We also have two ASAs 5520 and 5510 behind each router.  We want to implement BGP for failover and redundancy.  We have L2L VPN's on both ASAs. How will BGP affect the secondary circuit that has the alternate ASA attached to it? In other words will the L2L VPN still be available on the secondary circuit after we have implemented BGP?  
0
Comment
  • 3
  • 2
6 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 36493114
I don't know about anybody else here, but I need a diagram to understand what you're trying to accomplish!
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 36495960
I'm confused also....    

If these 2 Circuits and ASAs are at different locations with no back end connectivity, then why use BGP?    The ASA's VPN crypto map match will catch the interesting traffic, encapsulate, and send across the VPN tunnel to the 2nd site.       ????    

0
 
ID: 36496232
Here is a diagram of what I am referring too.  Dual Router Two ISPs and 2 ASAs with L2L VPN
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 33

Expert Comment

by:MikeKane
ID: 36497190
That diagram doesn't help me much....    ARe the green and pink clouds ISPs?   I'm not sure how the L2L fit into this scenario since the networks seem to be connected between R1 and R2.    Where are the workstations?    ARe you trying to just get redundant outbound connectivity?  
0
 
ID: 36498013
The diagram above is multi-homed we have in our infrastructure two different ISPs Time Warner and Paetec.  Time Warner will be the preferred circuit when BGP is configured.  Paetec will be the failover circuit in the event that Time Warner becomes unavailable.  

What I am asking you is since we have site to site VPNs on both circuits will the BGP configuration affect the site to site VPN on the Paetec/Failover circuit?  Or do we simply need a static route on the Paetec ASA pointing to Outer Router 2?
0
 
LVL 33

Accepted Solution

by:
MikeKane earned 2000 total points
ID: 36498129
Ah, now I understand the setup.    The BGP will not affect the L2L VPN since you have the preferences set.    When the SSI LAN initiates the outbound traffic, it will follow the BGP routing patch as needed.        IF an external client initiates the VPN traffic (I assume they have the failover peers setup on the customer end), then the client tries the 1st peer IP, then the 2nd in the event of an outage.      

Now, this is me talking through a forum without 100% understanding of the network, so check BGP and test the circuit with a simulated outage.   But I think that's all you need here.  

0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question