Multiple access list

I have 2 ISPs, a main and one for failover. Both ISPs have given me a dedicated block of IPs to route internally. Should I apply a different access list to each interface or do I just add both groups of external IPs to the same external access list?
Scott_Smith24 Asked:

arnold Commented:
What is your setup? Do you have a single firewall that is connecting both ISPs? Or

You would apply one access list to route the public IPs to the internal systems and the same for the other; this way you can publish two IPs for each hostname......

Www.yourdomain.com has two IPs ISP1_IPa and isp2_IP1
Scott_Smith24 Author Commented:
One Cisco router with 2 ISPs coming in and 2 sets of Public IPs. I use a DNS failover to manage the set of external IPs. So for each IP coming in I can create a separate Access List IN.
arnold Commented:
On your router you have two outside interfaces, outside1 and outside2,


ISP1                                                                        ISP2
       \                                                                       /
         \                                                                   /
           \                                                               /
             1                                                           2
           port                    Cisco                      port
                                           ||
                                          LAN


Does your router provide/function as NAT, with the ACL/static mapping to pass public IP traffic to specific IP/ports for different services? Or do you have each internal system configured with a pair of public IPs?

If you use secure communications (SSL), the response to a request must exit the same way it entered.
Scott_Smith24 Author Commented:
I use a route-map to map the public IPs to the internal IPs and then ACLs to open specific ports.
arnold Commented:
Yes, you would need multiple ACLs: one that applies to interface1 to allow those requests on specific ports, and similarly for interface2.

To the LAN side you likely can use a single ACL.

For secure inbound connections (SSL/TLS, SSH) you likely will need to tag/mark those packets to make sure they leave your network along the same path that they entered.
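
The per-interface layout described in the answer above, as an added example that is not part of the original thread. The interface names, ACL names, ports and addresses (RFC 5737 documentation ranges) are assumptions; on classic IOS the inbound ACL is checked before NAT, so each ACL matches that ISP's public destination addresses.

```cisco
! Constructed example: one inbound ACL per outside interface.
! Assumed blocks: ISP1 = 192.0.2.0/28, ISP2 = 198.51.100.0/28
! Assumed published services: HTTPS and SMTP on two hosts per block.
!
ip access-list extended OUTSIDE1-IN
 remark Published services on the ISP1 block only
 permit tcp any host 192.0.2.10 eq 443
 permit tcp any host 192.0.2.11 eq 25
 remark Return TCP traffic for sessions opened from the LAN
 permit tcp any 192.0.2.0 0.0.0.15 established
 remark Everything else, including packets aimed at the ISP2 block
 deny   ip any any log
!
ip access-list extended OUTSIDE2-IN
 remark Published services on the ISP2 block only
 permit tcp any host 198.51.100.10 eq 443
 permit tcp any host 198.51.100.11 eq 25
 remark Return TCP traffic for sessions opened from the LAN
 permit tcp any 198.51.100.0 0.0.0.15 established
 remark Everything else, including packets aimed at the ISP1 block
 deny   ip any any log
!
! UDP replies (for example DNS) are not covered by "established";
! they need stateful inspection or explicit entries.
!
interface GigabitEthernet0/0
 description ISP1 (main)
 ip access-group OUTSIDE1-IN in
!
interface GigabitEthernet0/1
 description ISP2 (failover)
 ip access-group OUTSIDE2-IN in
```

Keeping each ACL scoped to its own ISP's block means a packet for one block that arrives on the other ISP's interface is dropped and logged, and the per-entry counters in `show ip access-lists` show which path a service's traffic used.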

Scott_Smith24 Author Commented:
How do I tag them going out?
arnold Commented:
You're not tagging them going out; the marking/tagging will be on new connections going in. Cannot locate the example.
Scott_Smith24 Author Commented:
Thanks, I'm going to try it.