Hi, Remove the new (3rd) router. Terminate the connection to the new ISP on the existing routers. Then configure your route maps accordingly.
Regards. ________________________________ From: A 1 <[email protected]> To: --Hammer-- <[email protected]> Cc: [email protected] Sent: Tue, November 16, 2010 4:27:12 PM Subject: Re: [OSL | CCIE_RS] DUAL homed thanks Hammer :). any other thoughts from the group ??? --- On Tue, Nov 16, 2010 at 10:19 AM, --Hammer-- <[email protected]> wrote: I don’t think there is a solution with the present set up. You need to get creative. Like I said, come up with a new block of space (private) and run this single APP on it and route that to the ISP router in question and NAT it there to a public IP. Something crazy like that would work. > > >--Hammer > >"I was a normal American nerd." >-Jack Herer > >From:A 1 [mailto:[email protected]] >Sent: Tuesday, November 16, 2010 9:13 AM > >To: --Hammer-- >Cc: [email protected] >Subject: Re: [OSL | CCIE_RS] DUAL homed > >Behind the ISP router I have a firewall but firewall does not support policy >based routing. > > > ---------- router3 ( new isp) >firewall ---------- router2 ( old isp ) > ---------- rotuer1 ( old isp ) > >router 1 and router 2 are running HSRP and have a default route from firewall >for outgoing traffic for HSRP address. I can NAT for incoming traffic from >router3 but for outgoing traffic ??? > >Regards >M > >On Tue, Nov 16, 2010 at 10:00 AM, --Hammer-- <[email protected]> wrote: >So we are only halfway there. > >This really depends on how radical you want to go. You could always fire up a >second network. Trunk it, dual NICs, etc. NAT it back at the edge routers to a >public address. I mean, there are several ways to do it but there is an >ugliness >factor to contend with. How ugly do you want to make it? > > > > >--Hammer > >"I was a normal American nerd." >-Jack Herer > >From:A 1 [mailto:[email protected]] >Sent: Tuesday, November 16, 2010 8:56 AM >To: --Hammer-- >Cc: [email protected] > >Subject: Re: [OSL | CCIE_RS] DUAL homed > > I can apply the PBR for outgoing traffic the firewall ASA does not support >source based routing. > >Regards >M >On Tue, Nov 16, 2010 at 9:47 AM, --Hammer-- <[email protected]> wrote: >Ok, I try not to speak up on technical stuff because there are far smarter >people on this thread than me but why can’t you do PBR on the routers for >this? >This new application is going to have a unique IP address right? So why can’t >you write some route maps for the IP address of the application and PBR it to >the right circuit? Am I missing something? > > > > >--Hammer > >"I was a normal American nerd." >-Jack Herer > >From:[email protected] >[mailto:[email protected]] On Behalf Of A 1 >Sent: Monday, November 15, 2010 12:07 PM > >To: [email protected] >Subject: Re: [OSL | CCIE_RS] DUAL homed > > >On Mon, Nov 15, 2010 at 1:06 PM, A 1 <[email protected]> wrote: >Hello, > >My apologies if I put this request in the wrong section. > >Can any one help me out .. I have two ISP routers( from the same company ) > working as a primary and secondary ( HSRP ) and all our network outbound is >using this HSRP address. There is an ASA firewall behind these routers. I >have >a requirement for a portal applcation having couple of servers that resides in >firewall DMZ should pass through a new circuit ( ISP ) i.e only portal servers >should use this new ISP circuit. How can I do that.. one solution that I was >thinking to >- enable static NAT (with the ISP provided IP with local IP at DMZ for all >servers) >- source based routing > >but there is no policy base routing supported by ASA >http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml#pbr > > >My preference is not to use BGP >Regards >M > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
