
Need to create 2 routes to the Internet


  • Need to create 2 routes to the Internet


    I need to migrate a small number (~10) of Server 2003 web servers to a new external IP range. This will take some time and I must preserve uptime.

    All the servers are currently connected to the internet via a Cisco PIX 501, with an Internal IP range of 192.168.1.x and an external IP range of 200.200.200.x (that's fake). Each server has 1 IP address configured with a default gateway (the 501).

    I need to migrate each box to a new gateway (Cisco ASA 5510) which uses a new external IP range 300.300.300.x (also fake). The new gateway can be on the same subnet (192.168.1.x) or a new one - it doesn't matter to me - whichever is easiest.

    My problem is making it possible to access each server's website(s) from both the old (200.200.200.x) IP and the new (300.300.300.x) IP.

    I've been playing with routing/NAT on the 5510 and routing on Windows, but can only get 1 or the other to function. I believe my problem is not incoming packets, but the return outgoing packets, related to the gateway problem on Windows?

    I have some networking experience but I'm by no means an expert!

    Is this even possible?

    Any and all help much appreciated!


  • #2
    Re: Need to create 2 routes to the Internet

    Here's what I would do:

    Install a network sniffer on one of the web servers, then connect your browser to it from either the 200 or the 300 network, then make sure that the traffic is getting to the server, then run a tracert to the ip address of the incoming connection and see what path it takes, this will tell you for sure what is happening. Post your results back here so that we can think of a solution for you. You could also look into source or policy based routing on the ASA.


    • #3
      Re: Need to create 2 routes to the Internet

      I may be missing something but why are you enabling routing on the Windows servers as well?

      From what I read, the idea is for your servers to be temporarily multi-homed?
      Are there to be two separate physical connections to the net? Do you need any load balancing on these connections?

      Staying away from enabling routing on the servers themselves and avoiding load balancing altogether, what happens when you give the ASA's internal interface a 192.168.1.x address and configure its external interfaces and NAT as required?

      NAT/PAT effectively break the connection between your external users and internal servers (at the network/transport layer) into your external users and your routers and your routers and your servers. If you can spare a 200.200.200.x you could try a test to be sure; set up a test device similar to your current servers, can an external user reach it? If so then remove its default gateway, all still ok? See it works!

      Then if/when the time comes to remove the PIX you may just change the default gateway on the servers to point to the ASA and remove the PIX.

      IMO this presents a good simple solution which fits what you have asked for but doesn't take full advantage of being multi-homed.
      I don't know anything about (you or your) computers.
      Research/test for yourself when listening to free advice.
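
The return-path question this thread keeps coming back to, modelled as an added example that is not part of any post above. The inside addresses for the PIX and ASA, the client address and the function names are assumptions made for illustration, and the model assumes a stateful firewall drops a reply to a connection it never saw open.

```python
import ipaddress

# Constructed addressing; the thread's external ranges are placeholders.
LAN = ipaddress.ip_network("192.168.1.0/24")
PIX_INSIDE = ipaddress.ip_address("192.168.1.1")   # old gateway (assumed address)
ASA_INSIDE = ipaddress.ip_address("192.168.1.2")   # new gateway (assumed address)
SERVER = ipaddress.ip_address("192.168.1.10")      # one web server (assumed address)
CLIENT = ipaddress.ip_address("198.51.100.7")      # external visitor (documentation range)

def next_hop(dst, default_gw):
    """Route lookup on a host with one NIC: on-link delivery or the default gateway."""
    if dst in LAN:
        return dst            # same subnet, delivered directly
    return default_gw         # None when no default gateway is configured

def inbound(entry_fw, src_nat):
    """The packet as the server receives it.

    The entry firewall always translates the destination to the server.
    With src_nat it also rewrites the source to its own inside address.
    """
    seen_src = entry_fw if src_nat else CLIENT
    return {"src": seen_src, "dst": SERVER, "entry": entry_fw}

def reply_outcome(pkt, default_gw):
    """Follow the server's reply back towards the address it saw as the source."""
    hop = next_hop(pkt["src"], default_gw)
    if hop is None:
        return "dropped: server has no route"
    if hop == pkt["entry"]:
        return "delivered"    # reply returns through the firewall holding the state
    return "dropped: reply reached a firewall with no state for it"

if __name__ == "__main__":
    cases = [
        ("via PIX, dst NAT only, gw=PIX", inbound(PIX_INSIDE, False), PIX_INSIDE),
        ("via ASA, dst NAT only, gw=PIX", inbound(ASA_INSIDE, False), PIX_INSIDE),
        ("via ASA, src+dst NAT, gw=PIX", inbound(ASA_INSIDE, True), PIX_INSIDE),
        ("via ASA, src+dst NAT, no gw", inbound(ASA_INSIDE, True), None),
        ("via ASA, dst NAT only, no gw", inbound(ASA_INSIDE, False), None),
    ]
    for label, pkt, gw in cases:
        print(f"{label:32} -> {reply_outcome(pkt, gw)}")
```

In the source-NAT cases the web server sees every visitor arriving from the firewall's inside address, so its access logs no longer record the real client IP.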