[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Dual Routers, Dual/Different ISPs and Two ASA one attached to each ISP

Posted on 2011-09-06
6
Medium Priority
?
423 Views
Last Modified: 2012-05-12
We have dual routers attached to two different ISPs.  We also have two ASAs 5520 and 5510 behind each router.  We want to implement BGP for failover and redundancy.  We have L2L VPN's on both ASAs. How will BGP affect the secondary circuit that has the alternate ASA attached to it? In other words will the L2L VPN still be available on the secondary circuit after we have implemented BGP?  
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 36493114
I don't know about anybody else here, but I need a diagram to understand what you're trying to accomplish!
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 36495960
I'm confused also....    

If these 2 Circuits and ASAs are at different locations with no back end connectivity, then why use BGP?    The ASA's VPN crypto map match will catch the interesting traffic, encapsulate, and send across the VPN tunnel to the 2nd site.       ????    

0
 
ID: 36496232
Here is a diagram of what I am referring too.  Dual Router Two ISPs and 2 ASAs with L2L VPN
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 33

Expert Comment

by:MikeKane
ID: 36497190
That diagram doesn't help me much....    ARe the green and pink clouds ISPs?   I'm not sure how the L2L fit into this scenario since the networks seem to be connected between R1 and R2.    Where are the workstations?    ARe you trying to just get redundant outbound connectivity?  
0
 
ID: 36498013
The diagram above is multi-homed we have in our infrastructure two different ISPs Time Warner and Paetec.  Time Warner will be the preferred circuit when BGP is configured.  Paetec will be the failover circuit in the event that Time Warner becomes unavailable.  

What I am asking you is since we have site to site VPNs on both circuits will the BGP configuration affect the site to site VPN on the Paetec/Failover circuit?  Or do we simply need a static route on the Paetec ASA pointing to Outer Router 2?
0
 
LVL 33

Accepted Solution

by:
MikeKane earned 2000 total points
ID: 36498129
Ah, now I understand the setup.    The BGP will not affect the L2L VPN since you have the preferences set.    When the SSI LAN initiates the outbound traffic, it will follow the BGP routing patch as needed.        IF an external client initiates the VPN traffic (I assume they have the failover peers setup on the customer end), then the client tries the 1st peer IP, then the 2nd in the event of an outage.      

Now, this is me talking through a forum without 100% understanding of the network, so check BGP and test the circuit with a simulated outage.   But I think that's all you need here.  

0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Considering cloud tradeoffs and determining the right mix for your organization.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question