Firewall ISP Support

chetansharma
Level 1

I have an ASA 5540, and I have one ISP connected to it on the outside interface, and now I want to connect another 2 Mbps ISP line to it. Is it possible to connect it using the extended 4GE SSM card? Can a firewall support two ISPs at a time?

andrew.prince
Level 10

But I want to know whether a firewall can support two ISPs at a time. I mean, if I use a 4GE SSM card (with 4 extra Ethernet ports) in the ASA 5540, can I connect two different ISPs to the firewall? I think it cannot, because how can two different traffic flows be processed at a time?

The card should be supported OK, and for the traffic, simple: 2 equal-cost default routes pointing to the next-hop IP of the ISPs:

route outside 0.0.0.0 0.0.0.0 <> 1

route outside 0.0.0.0 0.0.0.0 <> 1

HTH>

Thanks

So this means I can connect two different ISP links (1 Mbps and 2 Mbps) to a firewall (ASA 5540) at a time and both will work simultaneously, and I also want different zones (like inside, dmz) for both the links. Is it possible?

To load balance outbound over the 2 x ISPs, the equal-cost default routes should be cool. If you want to connect them to separate zones, then this would only affect the inbound traffic over the links.

You are going to have to think about what you want to do with that, but should be cool.

HTH>

THANKS

Here is the scenario: I have a 1 Mbps ISP line connected to my ASA 5540 and everything, like internet web hosting and applications, is working fine, but without disturbing the present scenario I want to add another 2 Mbps ISP line to the ASA 5540 to host other applications for a new project. Is it possible? There are no more ports available on the ASA, and if I upgrade the ASA with a 4GE SSM card, can both work simultaneously without affecting traffic?

Yes.

Another solution, if you have a Cisco or any other switch that can perform a dot1q trunk, would be to connect the current 1 Mbps circuit to the switch and create a specific VLAN for that ISP connection. Then when you get the other ISP connection, create another VLAN and connect it into that.

Then connect the outside of the ASA to the switch and make the switch port a trunk port to the ASA. Then you create a sub-interface on the outside interface of the ASA.

You don't need the 4GE card, BUT if the switch is faulty, you could possibly lose both connections.

HTH>

Thanks a lot

OK, so this means I can upgrade my firewall with a 4GE card and everything will work fine. I will go for this because the firewall is in failover (active/standby), so redundancy is there.

If you have any suggestions, please go ahead.

Thanks

I would suggest you go for the MULTIPLE_CONTEXT mode on your Cisco ASA. As you mentioned that you are using a 5540 ASA and also running failover, I assume that you have either the Security Plus license or the VPN Plus license installed on it.

To the best of my knowledge, both these licenses support MULTIPLE_CONTEXT modes.

You can either go for an SSM card for the additional ports or, if you want to do some cost saving, you can use subinterfaces and VLANs on the ASA, with each subinterface lying in a different CONTEXT serving a completely different set of users or applications.

If you really want to get to the pinnacle of the configuration, you can go ahead and try ACTIVE/ACTIVE failover for the 2 contexts.

For multiple-context config you can refer to:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808d2b63.shtml

and for Active/Active failover you can refer to:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml

Active/active failover has several limitations; read the document carefully before you proceed.

Rate if helpful.

I am unable to create a sub-interface on my ASA 5540. Failover is active/standby. How can I create a sub-interface and VLAN on the ASA 5540?

Both the links I have posted above have resources about creating sub-interfaces on the ASA. It would be better if you read the documents first, understand them, and then proceed in the direction you are moving in.

Doing something without understanding what is being done will put you in trouble.
