
Dual Homing

Dear Gurus and Friends,

I am seeking a little help on my setup as below:-

       /-----------1st Link (C4500)----------\
ISP ---                                        --- CUSTOMER (Fortigate 200B)
       \-----------2nd Link (C4500)----------/

Current Setup:-

CUSTOMER has 2 connections to the same ISP.
ISP assigned the two links 2 VLANs with point-to-point (/30) IP addresses for gateway termination.
ISP also assigned a pool of /27 public IP addresses to CUSTOMER.
CUSTOMER requires the /27 public IPs to be accessible from both links.

Situation:-

When both links are UP, CUSTOMER is able to use their public IP pool (NATed within their Fortigate).
When the 2nd link is DOWN, the public IPs are still usable.
When the 1st link is DOWN, the public IPs are no longer usable.
The Fortigate side is configured with a policy-based detection mechanism, whereby it senses whichever link is usable to route out traffic from the NATed hosts.

Configuration for both C4500:-

C4500 # (for link #1)

interface Vlan10
description CUSTOMER_X_#1
ip address 192.168.10.1 255.255.255.252
no ip redirects
no ip proxy-arp
end

router ospf 1
network 192.168.10.1 0.0.0.0 area 0

ip route 172.21.200.32 255.255.255.224 192.168.10.1 tag 1
ip route 172.21.200.32 255.255.255.224 192.168.10.5 tag 1

C4500_1#show access-lists IN_CUSTOMER_X_#1
Extended IP access list IN_CUSTOMER_X_#1
10 permit ip any 172.21.200.32 0.0.0.31 (3640 matches)
C4500_1#

C4500 # (for link #2)

interface Vlan20
description CUSTOMER_X_#2
ip address 192.168.10.5 255.255.255.252
no ip redirects
no ip proxy-arp
end

router ospf 1
network 192.168.10.5 0.0.0.0 area 0

ip route 172.21.200.32 255.255.255.224 192.168.10.1 tag 1
ip route 172.21.200.32 255.255.255.224 192.168.10.5 tag 1

C4500_2#show access-lists IN_CUSTOMER_X_#2
Extended IP access list IN_CUSTOMER_X_#2
10 permit ip any 172.21.200.32 0.0.0.31
C4500_2#
