Need router dual Wan in front of ASA

Unanswered Question
Jun 21st, 2009

I need to route based on the policy rules. ASA doesn't seem to do that, I want the business traffic on one WAN and the Internet and VOIP on the 2nd WAN. I was thinking the 1811 will do this. I already have an ASA working but can't route. Any suggestions?

Paolo Bevilacqua Sun, 06/21/2009 - 10:53

Get the router.

When configured properly, you will find that you don't even need the ASA anymore.

thotsaphon Sun, 06/21/2009 - 10:59


ASA can't do that.

You can use a Cisco 1811 router to do that. Just create ACLs to classify the traffic you want to redirect to each WAN link. If they are Internet links, please pay special attention to NAT.



markworsnop Sun, 06/21/2009 - 12:23

I knew ASA couldn't do this, is the 1811 the right model? Sounds like it has the 2 WANS. Why wouldn't I need the ASA any more?

thotsaphon Sun, 06/21/2009 - 12:39


You still need ASA for doing firewall jobs. Cisco 1811 router supports PBR. However, it depends on how much traffic you are going to send out of the 2 WAN links. PBR is done on the process switch. You may check by using a "sh process cpu history" command when running this feature. I used to configure a Cisco 1721 router (2 Internet links) for my customer with this feature. It's fine. Like I mentioned, it depends. (grin)



markworsnop Sun, 06/21/2009 - 12:40

Thank you very much for your help. I hate ordering the wrong stuff! :)

thotsaphon Sun, 06/21/2009 - 12:53


I'm not sure why you chose the Cisco 1811 router. In case you want to add any WIC/HWIC for WAN interfaces, you may think about the Cisco 1841 router. It has 2 WAN slots for you guys. (grin)

Edit: You need IOS feature set IP Services or higher for doing PBR on the Cisco 1811 router (if you want to).

Note: I'm a sleepyhead now (4 AM). You may check things yourself.



markworsnop Sun, 06/21/2009 - 13:01

I went to the comparison on the 1800 series and the 1811 was the 1st one that had 2 WANS. Why would the 1841 be better?

Leo Laohoo Sun, 06/21/2009 - 18:26

Thank you very much for your help. I hate ordering the wrong stuff!

That's what eBay is for. He he he ...

Joseph W. Doherty Mon, 06/22/2009 - 03:47

BTW, how were you planning to control return traffic to WAN link?

Unless you control both directions with QoS, VoIP with any other traffic might degrade VoIP.

If you can provide QoS in both directions, unclear the advantage of placing traffic on dedicated links with PBR. Also, with PBR, gets a bit more complex assuming you want both links to "backstop" each other.

markworsnop Mon, 06/22/2009 - 04:48

We have one Internet connection we use for VPN to our other locations. Some of the locations are running RDP with the servers here.

The 2nd connection is supposed to be for the internet for the local office (here) just for uploading and downloading etc.

That is what started all of this. So I am hoping to route the http and ftp traffic on the one line, and the rest of it on the other line.
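
The approach suggested in this thread (ACLs to classify traffic, policy routing to pick the WAN link, NAT handled per link), written out as an added example configuration that is not from any of the posters. The interface names, the addresses (documentation ranges) and the ACL and route-map names are all assumptions; substitute your own.

```cisco
! Constructed example. Assumed layout:
!   LAN   Vlan1          192.168.10.1/24
!   WAN1  FastEthernet0  198.51.100.2/30, next hop 198.51.100.1 (VPN/business)
!   WAN2  FastEthernet1  203.0.113.2/30,  next hop 203.0.113.1  (HTTP/FTP)
!
! Traffic that should leave through WAN2.
! Only the FTP control channel is matched here; FTP data connections use
! other ports and follow the default route unless matched separately.
ip access-list extended WEB-FTP
 permit tcp 192.168.10.0 0.0.0.255 any eq www
 permit tcp 192.168.10.0 0.0.0.255 any eq ftp
!
! Policy route: matched packets go to the WAN2 next hop.
! Anything not matched falls through to the normal routing table.
route-map PBR-LAN permit 10
 match ip address WEB-FTP
 set ip next-hop 203.0.113.1
!
! Everything else (VPN, RDP, ...) uses WAN1 via the default route.
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
interface Vlan1
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip policy route-map PBR-LAN
!
interface FastEthernet0
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface FastEthernet1
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
! NAT must follow the egress link, so each flow is translated to the
! address of the interface it actually leaves through.
ip access-list standard LAN-NET
 permit 192.168.10.0 0.0.0.255
route-map NAT-WAN1 permit 10
 match ip address LAN-NET
 match interface FastEthernet0
route-map NAT-WAN2 permit 10
 match ip address LAN-NET
 match interface FastEthernet1
!
ip nat inside source route-map NAT-WAN1 interface FastEthernet0 overload
ip nat inside source route-map NAT-WAN2 interface FastEthernet1 overload
```

`show route-map PBR-LAN` shows the policy-routing match counters, and `show ip nat translations` confirms which outside address each flow was translated to.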

