thanks Hammer :). any other thoughts from the group ???
--- On Tue, Nov 16, 2010 at 10:19 AM, --Hammer-- <[email protected]> wrote:

> I don’t think there is a solution with the present set up. You need to get
> creative. Like I said, come up with a new block of space (private) and run
> this single APP on it and route that to the ISP router in question and NAT
> it there to a public IP. Something crazy like that would work.
>
> --Hammer
>
> "I was a normal American nerd."
> -Jack Herer
>
> *From:* A 1 [mailto:[email protected]]
> *Sent:* Tuesday, November 16, 2010 9:13 AM
> *To:* --Hammer--
> *Cc:* [email protected]
> *Subject:* Re: [OSL | CCIE_RS] DUAL homed
>
> Behind the ISP router I have a firewall but firewall does not support
> policy based routing.
>
>          ---------- router3 ( new isp )
> firewall ---------- router2 ( old isp )
>          ---------- router1 ( old isp )
>
> router 1 and router 2 are running HSRP and have a default route from
> firewall for outgoing traffic for HSRP address. I can NAT for incoming
> traffic from router3 but for outgoing traffic ???
>
> Regards
> M
>
> On Tue, Nov 16, 2010 at 10:00 AM, --Hammer-- <[email protected]> wrote:
>
> So we are only halfway there.
>
> This really depends on how radical you want to go. You could always fire up
> a second network. Trunk it, dual NICs, etc. NAT it back at the edge routers
> to a public address. I mean, there are several ways to do it but there is an
> ugliness factor to contend with. How ugly do you want to make it?
>
> --Hammer
>
> "I was a normal American nerd."
> -Jack Herer
>
> *From:* A 1 [mailto:[email protected]]
> *Sent:* Tuesday, November 16, 2010 8:56 AM
> *To:* --Hammer--
> *Cc:* [email protected]
> *Subject:* Re: [OSL | CCIE_RS] DUAL homed
>
> I can apply the PBR for outgoing traffic the firewall ASA does not
> support source based routing.
>
> Regards
> M
>
> On Tue, Nov 16, 2010 at 9:47 AM, --Hammer-- <[email protected]> wrote:
>
> Ok, I try not to speak up on technical stuff because there are far smarter
> people on this thread than me but why can’t you do PBR on the routers for
> this? This new application is going to have a unique IP address right? So
> why can’t you write some route maps for the IP address of the application
> and PBR it to the right circuit? Am I missing something?
>
> --Hammer
>
> "I was a normal American nerd."
> -Jack Herer
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* A 1
> *Sent:* Monday, November 15, 2010 12:07 PM
> *To:* [email protected]
> *Subject:* Re: [OSL | CCIE_RS] DUAL homed
>
> On Mon, Nov 15, 2010 at 1:06 PM, A 1 <[email protected]> wrote:
>
> Hello,
>
> My apologies if I put this request in the wrong section.
>
> Can anyone help me out .. I have two ISP routers ( from the same company )
> working as a primary and secondary ( HSRP ) and all our network outbound is
> using this HSRP address. There is an ASA firewall behind these routers. I
> have a requirement for a portal application having couple of servers that
> resides in firewall DMZ should pass through a new circuit ( ISP ) i.e. only
> portal servers should use this new ISP circuit. How can I do that.. one
> solution that I was thinking to
>
> - enable static NAT (with the ISP provided IP with local IP at DMZ for all
>   servers)
>
> - source based routing
>
> but there is no policy based routing supported by ASA
>
> http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml#pbr
>
> My preference is not to use BGP
>
> Regards
> M
