ASA5520 with multiple WAN. Require vlan and fileover

Unanswered Question
Nov 14th, 2008

We have a ASA5520 with the 4 onboard ports.

DMZ LAN and Inside LAN take two of these ports. Currently we have 3 WAN connections (from 3 different sevice providers) and may get some more in the future.

Can we put all the WAN connections into the one interface using vlans ? And also is it possible to do failover with this type of set up ? That is if one WAN link goes down traffic can be routed out another vlan ?

What is the best way to do this set up ? Can you use floating static routes maybe ?

(Unfortunately, the expansion slot is reserved for an IPS card so we dont have the option to add in an SSM 4GE card to get more intercfaces )

Many thanks for you help.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Fri, 11/14/2008 - 06:53

Martin-

The failover on an ASA is just for chassis failover. Meaaning that it can not detect a failed WAN connection and reroute to the other firewall. A router can do what you require, then you could route the traffic to the firewall. You can trunk multiple VLANs on a single ethernet port, assuming you have the correct licensing.

Hope that helps.

Actions

This Discussion