
Multiple WAN connections, one firewall?

steve.hassell
Level 1

I am not sure if this is possible, and if it is, I am then not sure how this would be accomplished:

We will have 3 separate WAN connections provided by 3 separate ISPs coming into our office. How may I set it up so that all three are firewalled using one ASA 5510? I was told in passing that I could "just run them all through an edge router" then run that into the firewall, but upon further research, most routers are set to accept 1 WAN feed. Is it possible to put a standard router outside of the firewall to combine the connections? If so, what are the perils involved?

We currently have 2 WAN connections with a small Watchguard appliance on each.  It would be nice to have one firewall appliance (the ASA 5510) and one edge router appliance (re-commission one of the Watchguards or another small router) to handle the whole situation. 

Obviously I am not a network administrator, but rather the "computer guy"...so naturally I am expected to wave my standard-issue magic "computer guy" wand and make it happen...that or press the "Any" key.  So please forgive my lack of knowledge on the subject.

Steve

2 Replies

Kureli Sankar
Cisco Employee

What is the reason for 3 ISPs?

Redundancy or

Load balancing?

Either way the ASA does not support this and you can read this thread there: https://supportforums.cisco.com/message/894921

You can use a router like you are thinking and do route tracking for redundancy or PBR for load balancing.

-KS

Ganesh Hariharan
VIP Alumni

Hi,

It will be best if you terminate your ISP links on a router and do policy-based routing based on the incoming traffic from the LAN. I would suggest you set it up in the manner below:

                         ISP1 -----

                                                  Router---ASA--Local LAN

                         ISP2 -----

In this fashion you can configure load balancing of the ISPs, and you can track the failure of an ISP using the IP SLA configuration in Cisco routers. With the above setup, only trusted traffic will be allowed into the local LAN, which will be filtered by the ASA.

Check out the below link on PBR to implement in routers

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009481d.shtml

Hope that clears up your query!

Regards

Ganesh.H
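
The two replies above point at IP SLA route tracking for redundancy and PBR for load sharing on a router in front of the ASA. The following IOS configuration sketch is an added example, not part of any poster's reply; it follows the two-ISP diagram, and every interface name, address and subnet in it is constructed for illustration. It assumes the ASA routes the LAN subnets without translating them (so the router sees real source addresses for PBR) and that NAT toward each ISP is configured separately on the router.

```cisco
! Constructed addressing (documentation ranges), not from the thread:
!   Gi0/0 -> ISP1, gateway 203.0.113.1
!   Gi0/1 -> ISP2, gateway 198.51.100.1
!   Gi0/2 -> ASA outside interface at 192.0.2.2
!   LAN subnets behind the ASA: 10.10.1.0/24 and 10.10.2.0/24

! Probe each ISP gateway out of its own interface every 10 seconds
ip sla 1
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 198.51.100.1 source-interface GigabitEthernet0/1
 frequency 10
ip sla schedule 2 life forever start-time now

! Track objects go down when the matching probe stops getting replies
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability

! Redundancy: each default route is withdrawn when its track goes down.
! ISP1 is primary; ISP2 is a floating static (administrative distance 10).
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10 track 2

! Return path to the LAN subnets through the ASA
ip route 10.10.0.0 255.255.0.0 192.0.2.2

! Load sharing: send 10.10.2.0/24 out ISP2 while track 2 is up.
! If track 2 is down the next hop is skipped and the routing table decides.
access-list 101 permit ip 10.10.2.0 0.0.0.255 any
route-map LAN-PBR permit 10
 match ip address 101
 set ip next-hop verify-availability 198.51.100.1 10 track 2

! Apply PBR to traffic arriving from the ASA side
interface GigabitEthernet0/2
 ip policy route-map LAN-PBR
```

If the ASA translates all inside hosts to a single outside address, the source-based ACL above matches every flow or none, so the split has to be made on something else or the translation moved to the router.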
