Two internet lines as a backup

Mar 29th, 2010

Dear all,

I have a small office with a simple network infrastructure consisting of:

1. Switch as a LAN for the inside users.

2. CISCO firewall ASA 5510 after the switch before the internet.

3. Leased line as an internet line provided on modem but with ethernet interface, connected on outside switch with the outside interface of the firewall.

Everything is working properly.

But I bought another leased line as an internet line, also provided on a modem with an ethernet interface, and I want to connect it at the same time to the above setup so that both internet lines will be a backup to each other.

So, does anybody have any idea how to do so?

Thanks a lot for your cooperation.

Marwan ALshawi Mon, 03/29/2010 - 02:32

as long as you are looking for a backup, your job is easy

I will assume you already have a default route set up in your firewall pointing to the existing Internet IP address in the modem

create another default route with a higher metric pointing to the new Internet IP address next hop

but I think the problem is, if the modem LAN interface is up and the Internet service is down, the firewall will keep sending the traffic and this will cause blackholing

I think if you have a router connected to the Internet links and the firewall behind the router, you will have more options in terms of load balancing or redundancy by using routing or IP SLA

good luck

if helpful Rate

Ahmed Yassin Mon, 03/29/2010 - 02:39

Ok, no problem, I can buy a new router according to your recommendation of which type.

But, if you please, can you tell me what exactly the solution is after adding a router after the firewall to terminate the two internet lines at the same time? Also take care that I have three published servers and I want them to be up on the two lines at the same time.

Thanks for your time.

Marwan ALshawi Mon, 03/29/2010 - 03:21

hi Ahmed

if you are going to add a router at the edge of the Internet you will be able to load balance or to use redundancy over the two Internet links/ISPs

with the router, as I mentioned above, you can employ the IP SLA IOS feature to monitor the link status by using, for example, ICMP to the ISP next hop IP

if the IP becomes unreachable then the router will use the other ISP (backup) even if the modem LAN link to the router is up

this is one example

and you can use more complicated criteria

below is an example of how to use IP SLA/PBR and NAT with an edge router using two different ISPs

keep in mind you do not necessarily have to use PBR or the same NAT setup, but this will give an idea about the features together

for accessing servers located behind the firewall this is a bit tricky, because currently I will assume you have public IPs for these servers and you do NAT in the firewall to provide access to them from the Internet

these IPs are provided to you, let's say, by ISP A

if you are going to have a new link from ISP B they will give a different public IP range

in this case you need to have a manual change when the main link is down

or you may consider having DNS with an ISP and use the public IPs to map to your servers, and I think this one is a bit complicated

anyway have a look at the link and if you have any other question about the config just ask it here

good luck
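
The blackholing problem and the IP SLA tracking described in the replies above, sketched as an IOS configuration. This is an added example, not part of the original posts and not the configuration behind the link mentioned; the next-hop addresses are placeholder documentation addresses and the probe and delay timers are assumed values.

```cisco
! Constructed example. Placeholder addresses (assumptions):
!   203.0.113.1  = ISP A next hop (primary link)
!   198.51.100.1 = ISP B next hop (backup link)

! --- Weak: floating static route only ---
! The primary default route is removed only when the router's own
! interface goes down. If the modem LAN port stays up while the ISP
! service is dead, the route stays installed and traffic is blackholed.
! ip route 0.0.0.0 0.0.0.0 203.0.113.1
! ip route 0.0.0.0 0.0.0.0 198.51.100.1 10

! --- Corrected: primary route depends on an IP SLA probe ---
! Send an ICMP echo to the ISP A next hop every 10 seconds.
ip sla 1
 icmp-echo 203.0.113.1
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Track object follows the probe result. The delays damp flapping:
! wait 20 s of failure before going down, 60 s of success before
! coming back up.
track 1 ip sla 1 reachability
 delay down 20 up 60
!
! Primary default route is installed only while track 1 is up.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
! Backup default route with a higher administrative distance (10)
! takes over when the tracked route is withdrawn.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10
!
! Older IOS releases use "ip sla monitor 1" and
! "track 1 rtr 1 reachability" for the same purpose.
```

`show track 1` and `show ip sla statistics 1` report the probe state, and `show ip route 0.0.0.0` shows which default route is currently installed.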

Ahmed Yassin Mon, 03/29/2010 - 04:43

Ok, I can use a normal route map on the router and NAT on it the public IPs from the first ISP, which is the o/p of the firewall, to be natted to the other ISP public IPs so that I don't want to make anything manually.

But the 1841 router has only 2 ethernet interfaces, so how will I track the two ISP interfaces, as both of them are ethernet, other than the interface connected to the outside interface of the ASA?

