config 2 t1's on asa 5520

Unanswered Question
Dec 17th, 2007
User Badges:

I am new to the asa but it is currently working fine. I have been asked to set up a second t1 and have not done that before.Is this firewall able to do this? Do i need to set up a second wan and lan?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
1cmerchant Mon, 12/17/2007 - 07:32
User Badges:

I don't think there are any serial WIC's available for the ASA series devices. What I've done in this scenario for my organization is to use an 1800 or 2800 series router with the appropriate WIC's, and then use one of its Ethernet interface to attach to the ASA. Works pretty well though it IS another device to manage.

kmcilvaine Mon, 12/17/2007 - 07:36
User Badges:

That is how I currently have it configured. Is it difficult to add the second t1 to the asa. What configs are involved on the asa?

1cmerchant Mon, 12/17/2007 - 11:16
User Badges:

You're not adding another T1 to the ASA, you're adding another T1 to the router. The connection between the router and the ASA remains Ethernet.

Richard Burts Mon, 12/17/2007 - 11:22
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Keith


Perhaps you are not understanding the response from Carl in the same way that I am. I believe that he is saying the the T1 (serial) connections are on a separate router. The router manages the T1 connections and routes packets from the Internet to the firewall (and packets from the firewall to the Internet). So adding another T1 is just a matter of adding another serial interface on the router (and possibly making appropriate changes in routing logic to use the extra interface). There would be no change at all on the ASA.


HTH


Rick

kmcilvaine Tue, 12/18/2007 - 06:10
User Badges:

I totally understand what you are saying. I might not have been clear enough. I am adding a second internet router with a new set of public addresses and want to run that through the same firewall as well as the current 1 in place.

Richard Burts Tue, 12/18/2007 - 09:09
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Keith


This certainly clarifies the issue. So you currently have 1 router connecting to the Internet/ISP with its own set of public addresses. Now you want to add a second router which will have another link to the Internet/ISP and will have its own set of public addresses.


Will both routers connect to the firewall through the same Ethernet subnet or will the second router connect to the firewall through a separate interface?


Is the router doing address translation from the inside (private) addresses to the outside (public) addresses or is the address translation in the firewall?


Do you want outbound traffic split between the two Internet links (load sharing) or do you want a primary/backup relationship for the links?


If we know these things we may be able to give you better answers.


HTH


Rick

kmcilvaine Tue, 12/18/2007 - 09:12
User Badges:

Both router will connect through the same subnet.


address translation is being done on the firewall.


I want to load balance the 2 lines

Richard Burts Tue, 12/18/2007 - 14:13
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Keith


Can you help me understand your current environment a bit better? On the existing router what is the IP addressing of its outside interface (connecting to the ISP) and the IP addressing of its inside interface (connecting to the firewall)?


Could you also tell me a bit about how you are currently doing the address translation in the firewall? Are there any static translations (to facilitate outside access to particular server resources inside your network) or is it all dynamic translation to support your outbound traffic?


HTH


Rick

Actions

This Discussion