Adding a 2nd ISP to network

Unanswered Question
Nov 3rd, 2009

I have a client who is currently suffering from a lack of bandwidth. They get constant complaints from users that the Internet is slow.

The current connection for the company is dual homed. They have 1 T1 inbound from AT&T and another one from XO Communications. These two routers run an HSRP address between them (hypothetical 205.237.229.1) on their Ethernet interfaces (hypothetical 205.237.229.2 and .3) so that the ASA appliance can talk to one address. The outside interface of the ASA is (hypothetical 205.237.229.4).

One of the managers at this company wants to implement another DSL solution that will add 3MG of bandwidth to the issue, and I need to figure out how to integrate this.

Can I implement two IP addresses on the outside interface of the ASA? Also right now the ASA has a 0.0.0.0 0.0.0.0 route to the Internet router HSRP address of the current network. Can I add a second 0.0.0.0 route to the new address of the new DSL router? Will the ASA load balance?

I am not exactly sure how to implement this. I have added a diagram if anyone can help figure this out.

Thanks

Kevin




Overall Rating: 4 (1 ratings)
Giuseppe Larosa Tue, 11/03/2009 - 08:38

Hello Kevin,

The ASA should be able to support two default static routes, but only if all next-hops are on the same interface.

There can be only one egress interface, this being a firewall.

On the other hand, if secondary IP addresses are not supported, you should put all on the same IP subnet.


>> After selecting egress interface using any method described above, an additional route lookup is performed to find out suitable next hop(s) that belong to previously selected egress interface


See

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ip.html#wp1118242

Looking at the command reference, unfortunately I don't see any secondary option:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/i3.html#wp1825348

So the requirement is to put all devices in the same IP subnet associated with the outside interface.

Multiple default static routes with different IP next-hops should be supported, as explained in the first link to the config guide.


Hope to help

Giuseppe


cjw Fri, 11/06/2009 - 22:47

Kevin--


Maybe you can place a router between the ASA and the ISP connections. On that router, you can run policy based routing to select appropriate paths depending upon the type of traffic you have.


For example, we send our web browsing, FTP and VPN client traffic out our high-speed Internet connection and the rest of the traffic (e.g. email) out the T-1.


cjw
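
The policy-based routing cjw describes, as an added example that is not part of the original thread: Cisco IOS configuration for a router placed between the ASA and the ISP links. The interface name, ACL number, route-map name and the 192.0.2.1 DSL next hop are hypothetical; 205.237.229.1 is the hypothetical HSRP address from the question, and the example assumes the DSL path translates source addresses so that return traffic comes back over the DSL link.

```cisco
! Constructed example: names and the 192.0.2.1 next hop are hypothetical.
!
! Classify the traffic that should use the DSL link.
! Only the FTP control channel (tcp/21) is matched here; FTP data
! connections use other ports and would still follow the default route.
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq ftp
!
! Matching packets are forwarded to the DSL router.
! Packets that match no route-map clause are not dropped: they fall
! through to the normal routing table (the default route below).
route-map ISP-SELECT permit 10
 match ip address 101
 set ip next-hop 192.0.2.1
!
! Policy routing is evaluated on packets arriving on an interface,
! so it is applied on the interface that faces the ASA.
interface FastEthernet0/0
 description Link to ASA outside interface
 ip policy route-map ISP-SELECT
!
! Everything else (e.g. email) follows the default route to the
! T1 routers' HSRP address.
ip route 0.0.0.0 0.0.0.0 205.237.229.1
```

`show route-map ISP-SELECT` displays per-clause match counters, which confirms whether the classified traffic is actually being policy routed.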
