Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
387
Views
4
Helpful
2
Replies

Adding a 2nd ISP to network

Kevin Melton
Level 2
Level 2

‎11-03-2009 08:19 AM - edited ‎03-04-2019 06:35 AM

I have a client whom is currently suffering from lack of bandwidth. They get constant complaints from users that the Internet is slow.

The current connection for the company is Dual homed. They have 1 T1 inbound from AT&T and another one from XO communications. These two routers run an HSRP address between them (hypothetical 205.237.229.1) on their Ethernet interfaces (hypothetical 205.237.229.2 and .3)so that the ASA appliance can talk to one address. The outside interface of the ASA is (hypothetical 205.237.229.4).

One of the managers at this company wants to implement another DSL solution that will add 3MG of bandwidth to the Issue and I need to figure out how to Integrate this.

Can I implement two IP addresses on the outside interface of the ASA? Also right now the ASA has a 0.0.0.0 0.0.0.0 route to the Internet router HSRP address of the current network. Can I add a second 0.0.0.0 route to the new address of the new DSL router? Will the ASA load balance?

I am not exactly sure how to implement this. I have added a diagram if anyone can help figure this out.

Thanks

Kevin

Labels:
21000-ODEC New Router for Internet.vsd
0 Helpful
2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎11-03-2009 08:38 AM

Hello Kevin,

the ASA should be able to support two default static routes but only if all next-hops are in the same interface.

egress interface can only be one being this a firewall.

on the other end if secondary ip addresses are not supported you should put all on the same IP subnet.

>> After selecting egress interface using any method described above, an additional route lookup is performed to find out suitable next hop(s) that belong to previously selected egress interface

see

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ip.html#wp1118242

looking at command reference

unfortunately I don't see any secondary option:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/i3.html#wp1825348

so the requirement is to put all devices in the same IP subnet associated to outside interface.

multiple default static routes with different IP next-hops should be supported as explained in first link to config guide.

Hope to help

Giuseppe

0 Helpful

cjw
Level 1
Level 1
In response to Giuseppe Larosa

‎11-06-2009 10:47 PM

Kevin--

Maybe you can place a router between the ASA and the ISP connections. On that router, you can run policy based routing to select appropriate paths depending upon the type of traffic you have.

For example, we send our web browsing, FTP and VPN client traffic out our high-speed Internet connection and the rest of the traffic (e.g. email) out the T-1.

cjw

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card