cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
999
Views
0
Helpful
8
Replies

config 2 t1's on asa 5520

kmcilvaine
Level 1
Level 1

I am new to the asa but it is currently working fine. I have been asked to set up a second t1 and have not done that before.Is this firewall able to do this? Do i need to set up a second wan and lan?

8 Replies 8

1cmerchant
Level 1
Level 1

I don't think there are any serial WIC's available for the ASA series devices. What I've done in this scenario for my organization is to use an 1800 or 2800 series router with the appropriate WIC's, and then use one of its Ethernet interface to attach to the ASA. Works pretty well though it IS another device to manage.

That is how I currently have it configured. Is it difficult to add the second t1 to the asa. What configs are involved on the asa?

You're not adding another T1 to the ASA, you're adding another T1 to the router. The connection between the router and the ASA remains Ethernet.

Keith

Perhaps you are not understanding the response from Carl in the same way that I am. I believe that he is saying the the T1 (serial) connections are on a separate router. The router manages the T1 connections and routes packets from the Internet to the firewall (and packets from the firewall to the Internet). So adding another T1 is just a matter of adding another serial interface on the router (and possibly making appropriate changes in routing logic to use the extra interface). There would be no change at all on the ASA.

HTH

Rick

HTH

Rick

I totally understand what you are saying. I might not have been clear enough. I am adding a second internet router with a new set of public addresses and want to run that through the same firewall as well as the current 1 in place.

Keith

This certainly clarifies the issue. So you currently have 1 router connecting to the Internet/ISP with its own set of public addresses. Now you want to add a second router which will have another link to the Internet/ISP and will have its own set of public addresses.

Will both routers connect to the firewall through the same Ethernet subnet or will the second router connect to the firewall through a separate interface?

Is the router doing address translation from the inside (private) addresses to the outside (public) addresses or is the address translation in the firewall?

Do you want outbound traffic split between the two Internet links (load sharing) or do you want a primary/backup relationship for the links?

If we know these things we may be able to give you better answers.

HTH

Rick

HTH

Rick

Both router will connect through the same subnet.

address translation is being done on the firewall.

I want to load balance the 2 lines

Keith

Can you help me understand your current environment a bit better? On the existing router what is the IP addressing of its outside interface (connecting to the ISP) and the IP addressing of its inside interface (connecting to the firewall)?

Could you also tell me a bit about how you are currently doing the address translation in the firewall? Are there any static translations (to facilitate outside access to particular server resources inside your network) or is it all dynamic translation to support your outbound traffic?

HTH

Rick

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: