Multi-homed internet connection

vergeerf
Level 1

I have the following components: ISA Server, two standalone PIX firewalls, two internet routers (800 series).

Currently only one router is being used for internet access.

We now have a second internet DSL connection and want to use one connection for exclusive use of business critical applications; the other connection will be used for general internet browsing. The "problem" is that all clients use the ISA server as gateway. Normally I would implement something like a route-map to set the next-hop...

thanks in advance for any feedback

4 Replies

Mohamed Sobair
Level 7

Hi,

Does the third Internet connection terminate on the same router, or does it have a separate router?

I am assuming the default GW for the ISA is the Active pix and the Pix points to one of the routers.

The Security Appliance doesn't support PBR, and therefore PBR has to be implemented on the router that terminates both connections and uses the ADSL connection for the critical application.

HTH

Mohamed

>Does the third Internet connection terminate on the same router, or does it have a separate router?

A separate router (actually the second internet connection), not the third.

It's good to know that PBR is not supported on the PIX / ASA

Thanks for your input

vilaxmi
Cisco Employee

Hello,


I see that you need to use ONE (DSL) internet line for normal internet surfing (port 80 traffic) and another line for business critical applications.

First of all, I would like to inform you that you cannot use your second ISP ALONG with your primary ISP, as Cisco ASA cannot do Policy Based Routing. Please check:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml#pbr

Now, since you need to send FIXED port traffic to one circuit, we have a workaround developed for such cases:

nat (inside) 1 0 0
global (outside_1) 1 interface
global (outside_2) 1 interface
! steers TCP port 80 (www) traffic to outside_2; the port is given for both the mapped and the real address
static (inside,outside_2) tcp 0.0.0.0 www 0.0.0.0 www netmask 0.0.0.0
! x.x.x.x = next hop router's IP address for ISP_1
route outside_1 0 0 x.x.x.x
! y.y.y.y = next hop router's IP address for ISP_2, with an administrative distance of 2 (higher than primary route)
route outside_2 0 0 y.y.y.y 2

HTH

Vijaya

Thanks for your input, I will try to set up a test environment before implementing this in production :-)

It's good to know that PBR is not supported on the PIX / ASA, because I was thinking in this direction.
