Scott_Smith24
Multiple access list
I have 2 ISPs, a main and one for failover. Both ISPs have given me a dedicated block of IPs to route internally. Should I apply a different access list to each interface, or do I just add both groups of external IPs to the same external access list?
ASKER
One Cisco router with 2 ISPs coming in and 2 sets of public IPs. I use a DNS failover to manage the set of external IPs. So for each IP coming in I can create a separate Access List IN.
On your router you have two outside interfaces, outside1 and outside2,
 ISP1          ISP2
    \          /
     \        /
      \      /
       1    2
  port  Cisco  port
         ||
         LAN
Does your router provide/function as NAT, with the ACL/static mapping to pass public IP traffic to specific IP/ports for different services? Or do you have each internal system configured with a pair of public IPs?
If you use secure communications (SSL), the response to a request must exit the same way it entered.
ASKER
I use a route map to map the public IPs to the internal IPs and then ACLs to open specific ports.
ASKER
How do I tag them going out?
You're not tagging them going out; the marking/tagging will be on new connections going in. Cannot locate the example.
ASKER
Thanks, I'm going to try it.
You would apply one access list to route the public IPs to the internal systems and the same for the other; this way you can publish two IPs for each hostname...
www.yourdomain.com has two IPs, ISP1_IPa and isp2_IP1