Daul ISP and specific ISP routing

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Daul ISP and specific ISP routing

L0 Member

Good Afternoon All

 

I have read the various methods for Dual ISP configuration and they make sense. I could not find one last detail and I was hoping someone here could help.

 

Desired Configuration:

 

ISP 1 = Active for outbound traffic during normal operations.

ISP 2 = Inactive

1 Client IP on the internet network to have its traffic routed out via ISP 2

 

Basically the IP phone system needs to use ISP 2 all the time, but we need all other client to use ISP1 unless ISP is down.

 

Hope this makes sense.

Thanks

 

 

1 REPLY 1

Hey @Mort2k ,

Probably couple of ways to achieve what you want, but here is what I will do if I were you:

- Create to separate virtual-routers (VRs), one for each ISP

- Create default route for each VR to respective ISP with enabled path monitor for each route

- If possible directly connect the IP phone VLAN to the firewall and assign it to the second VR, so both ISP2 and IP phone VLAN to be in the same VR.

- Create source NAT rules to translate IP phones traffic to public IP from ISP2 and all other traffic with public IP from ISP1

-------

At this point you should have internet access for IP phone system from ISP2 and internet access for all other systems over ISP1

 

- Create second default route for each VR pointing to "next-vr" with metric higher than the primary default route

- Create NAT rules for IP phone system to translate source with address from ISP1 and all other systems with address from ISP2

(Note: if you use same security zone for both ISPs, you should use "destination interface" in addition to destination zone, when defining the NAT rules. If you use different zone, you don't have to define dest interface)

----

Above should allow you to automatically failover any service to backup ISP provider if there are any issues with primary ISP (path monitor will disable the preferable route to ISP and FW will use the next-vr and use the ISP from the other VR as backup internet access.

 

 

  • 1397 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!