Use an edge router to automatically failover to another ISP for devices that are not multi-ISP aware
Posted on 2013-11-14
I have (2) ISPs with a /29 network space available in each (5 usable IPs).
Behind these devices, I have (1) Firewall on one ISP and (1) Firewall on the other ISP. These are performing NAT for (2) different LAN segments.
I also have a PBX that has a WAN interface on ISP (1) with a LAN interface that is in LAN segment (1). The WAN interface exists OUTSIDE of the firewall (this device takes care of its own security in its IOS). This device is only able to have (1) IP address and only has (1) port for WAN communication. This WAN port is used for multiple things, including: SIP trunks, remote phones (physical phones as well as soft phones), and remote administration among other things.
The PBX is not MULTI-ISP aware and is not able to be made aware of multi-ISP. It does have a routing table that I am able to add static routes to, but there is no way that I can tell that would enable this ISP to be MULTI-ISP aware in the event of an ISP failure.
Since I have (2) ISPs and quite a lot of network gear, is there ANY WAY that I can get this PBX to have a single default gateway, and get that gateway to make a routing decision of ISP 1 if ISP 1 is up, and use ISP 2 if ISP 1 is down?
There is a catch... the settings of the PBX cannot be changed in order to use ISP 2, it has to be automatic... I was thinking of trying something like this:
- Take a Cisco 1841 router and give it an IP address on each ISP
- Set the PBX default gateway to the IP address of the Cisco 1841 on ISP 1
- Set the 1841 up with a default route to ISP 1 as long as it can ping [the next hop or the core router @ ISP 1] using the SLA command/icmp reachability/route track
- Set the default route to ISP 2 in the event that ISP 1's SLA tracking fails to ping via ISP 1
- When the 1841 sends traffic out ISP 2, have it NAT the IP address using NAT OVERLOAD and the IP address from ISP 2
- Set a 1-to-1 NAT for the IP address of the Cisco 1841 on ISP 2 pointing to the PBX, so that traffic returning OR traffic coming unsolicited (like SIP trunk traffic) always lands on the PBX, even though the traffic was sent to the public IP of ISP 2
Would this work? It works with LAN/private IPs in this way; I was wondering if I could arrange a failover this way for a PUBLIC IP address and not a private IP. I don't think it should matter, unless the SLA tracker comes back up in the middle of a conversation with ISP 2, and then the default route of the Cisco 1841 would change back to ISP 1.
Just so we're clear: BGP is not an option, one of these circuits is Broadband and the ISPs will not peer with tier 2 devices.
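The plan in the bullet list above, written out as an IOS configuration for the 1841 (an added example, not from the original post or any vendor document). It assumes documentation addresses: ISP 1 is 203.0.113.0/29 (gateway .1, 1841 .2, PBX .3) and ISP 2 is 198.51.100.0/29 (gateway .1, 1841 .2), with a spare ISP 2 address (.3) used for the one-to-one mapping so it does not collide with the interface address that the overload rule uses.

```cisco
! Interface on the ISP 1 /29: same segment as the PBX and the ISP 1 gateway
interface FastEthernet0/0
 description ISP1 segment (PBX default gateway lives here)
 ip address 203.0.113.2 255.255.255.248
 ip nat inside
 no ip redirects
!
! no ip redirects above matters: with the PBX and the ISP 1 gateway on one
! segment, the router would otherwise tell the PBX to bypass it, which
! defeats the failover the moment the PBX honours the redirect.
!
! Interface on the ISP 2 /29
interface FastEthernet0/1
 description ISP2
 ip address 198.51.100.2 255.255.255.248
 ip nat outside
!
! Probe the ISP 1 gateway every 10 seconds, sourced from the ISP 1 interface
ip sla 1
 icmp-echo 203.0.113.1 source-interface FastEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Track reachability; the delays dampen flapping so a brief recovery of
! ISP 1 does not yank in-progress calls back off ISP 2 (values are assumed)
track 1 ip sla 1 reachability
 delay down 15 up 60
!
! Primary default route via ISP 1, withdrawn while track 1 is down
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
! Floating static via ISP 2 (AD 250), used only while the primary is gone
ip route 0.0.0.0 0.0.0.0 198.51.100.1 250
!
! One-to-one mapping: spare ISP 2 address <-> PBX public address, so
! unsolicited inbound (SIP trunk, remote phones) reaches the PBX via ISP 2
ip nat inside source static 203.0.113.3 198.51.100.3
!
! Overload for anything else on the ISP 1 segment steered through this router
access-list 1 permit 203.0.113.0 0.0.0.7
ip nat inside source list 1 interface FastEthernet0/1 overload
```

One caveat the configuration cannot remove: while ISP 1 is up, anything that reaches the PBX through 198.51.100.3 gets its replies routed out ISP 1 untranslated (inside-to-inside traffic is never NATed), so the ISP 2 address is only consistent during a failover, and the track delays only soften the switch-back the question already anticipates.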