01-19-2010 01:45 AM - edited 03-11-2019 09:58 AM
I have the following components: ISA Server, two standalone PIX firewalls, and two internet routers (800 series).
Currently only one router is being used for internet access.
We now have a second internet DSL connection and want to use one connection for exclusive use of business critical applications; the other connection will be used for general internet browsing. The "problem" is that all clients use the ISA server as gateway. Normally I would implement something like a route-map to set the next-hop...
Thanks in advance for any feedback.
01-19-2010 05:57 AM
Hi,
Does the third Internet connection terminate on the same router, or does it have a separate router?
I am assuming the default GW for the ISA is the active PIX and the PIX points to one of the routers.
The Security Appliance doesn't support PBR, and therefore PBR has to be implemented on the router that terminates both connections and uses the ADSL connection for the critical application.
HTH
Mohamed
01-23-2010 02:19 AM
>Does the third Internet connection terminate on the same router, or does it have a separate router?
A separate router (actually the second internet connection, not the third).
It's good to know that PBR is not supported on the PIX / ASA
Thanks for your input
01-19-2010 06:41 AM
Hello,
I see that you need to use ONE (DSL) internet line for normal internet surfing (port 80 traffic) and another line for business critical applications.
First of all, I would like to inform you that you cannot use your second ISP ALONG with your primary ISP as Cisco ASA cannot do Policy Based Routing. Please check:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml#pbr
Now, since you need to send FIXED port traffic to one circuit, we have a workaround developed for such cases:
nat (inside) 1 0 0
global (outside_1) 1 interface
global (outside_2) 1 interface
static (inside,outside_2) tcp 0.0.0.0 www 0.0.0.0 www netmask 0.0.0.0
! x.x.x.x = next hop router's IP address for ISP_1
route outside_1 0 0 x.x.x.x
! y.y.y.y = next hop router's IP address for ISP_2, with an administrative distance of 2 (higher than the primary route)
route outside_2 0 0 y.y.y.y 2
HTH
Vijaya
01-23-2010 02:20 AM
Thanks for your input, I will try to set up a test environment before implementing this in production :-)
It's good to know that PBR is not supported on the PIX / ASA. Because I was thinking in this direction.