03-29-2010 02:08 AM - edited 03-04-2019 07:57 AM
Dear all,
I have a small office with a simple network infrastructure consisting of:
1. Switch as a LAN for the inside users.
2. CISCO firewall ASA 5510 after the switch before the internet.
3. Leased line as an internet line provided on modem but with ethernet interface, connected on outside switch with the outside interface of the firewall.
Everything is working properly.
But I bought another leased line as an internet line, also provided on a modem with an Ethernet interface, and I want to connect it at the same time to the above setup so that both internet lines will be backups for each other.
So, does anybody have any idea how to do so?
Thanks a lot for your cooperation.
03-29-2010 02:32 AM
As long as you are looking for a backup, your job is easy.
I will assume you already have a default route set up in your firewall pointing to the existing Internet IP address in the modem.
Create another default route with a higher metric pointing to the new Internet IP address next hop.
But I think the problem is, if the modem LAN interface is up and the Internet service is down, the firewall will keep sending the traffic and this will cause blackholing.
I think if you have a router connected to the Internet links and the firewall behind the router, you will have more options in terms of load balancing or redundancy by using routing or IP SLA.
good luck
if helpful Rate
03-29-2010 02:39 AM
Ok, no problem, I can buy a new router according to your recommendation of which type.
But, if you please, can you tell me what exactly the solution is after adding a router after the firewall to terminate the two internet lines at the same time? Also take care that I have three published servers and I want them to be up on the two lines at the same time.
Thanks for your time.
03-29-2010 03:21 AM
Hi Ahmed,
If you are going to add a router at the edge of the Internet, you will be able to load balance or use redundancy over the two Internet links/ISPs.
With the router, as I mentioned above, you can employ the IP SLA IOS feature to monitor the link status by using, for example, ICMP to the ISP next-hop IP.
If the IP becomes unreachable, then the router will use the other ISP (backup) even if the modem LAN link to the router is up.
This is one example,
and you can use more complicated criteria.
Below is an example of how to use IP SLA/PBR and NAT with an edge router using two different ISPs.
Keep in mind you do not necessarily need to use PBR or the same NAT setup, but this will give an idea about the features together.
For accessing servers located behind the firewall, this is a bit tricky, because currently I will assume you have public IPs for these servers and you do NAT in the firewall to provide access to them from the Internet.
These IPs are provided to you, let's say, by ISP A.
If you are going to have a new link from ISP B, they will give a different public IP range.
In this case you need to make a manual change when the main link is down,
or you may consider having DNS with an ISP and using the public IPs to map to your servers, and I think this one is a bit complicated.
Anyway, have a look at the link, and if you have any other questions about the config, just ask here.
https://supportforums.cisco.com/docs/DOC-8313
good luck
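
The IP SLA tracking described in the reply above, as an added example that is not part of the original post or of the linked document. The next-hop addresses 192.0.2.1 (ISP A) and 198.51.100.1 (ISP B) are constructed placeholders, and the syntax assumes an IOS release that uses the `ip sla` / `track ... ip sla` form (older releases use `ip sla monitor` and `track ... rtr`).

```cisco
! Added example: edge router default-route failover with IP SLA.
! 192.0.2.1    = ISP A next hop (constructed placeholder)
! 198.51.100.1 = ISP B next hop (constructed placeholder)

! Probe the ISP A next hop with ICMP every 5 seconds.
! A probe fails if no reply arrives within 1000 ms.
ip sla 1
 icmp-echo 192.0.2.1
 timeout 1000
 frequency 5
ip sla schedule 1 life forever start-time now

! Track object 1 follows the probe result. The delay values damp
! flapping: wait 10 s of failures before going down, 30 s of
! successes before coming back up.
track 1 ip sla 1 reachability
 delay down 10 up 30

! Primary default route, installed only while track 1 is up.
! This removes the route when ISP A stops answering, even though
! the Ethernet link to the modem itself stays up.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1

! Floating static route via ISP B. Administrative distance 254
! keeps it out of the routing table until the primary is withdrawn.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 254

! Verification (exec mode):
!   show track 1
!   show ip sla statistics 1
!   show ip route 0.0.0.0
```

Probing only the ISP next hop detects a dead modem-to-ISP path but not a failure further upstream; a probe target beyond the next hop needs its own host route via ISP A so the probe cannot succeed over the backup link.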
03-29-2010 04:43 AM
Ok, I can use a normal route map on the router and NAT on it the public IPs from the first ISP, which is the o/p of the firewall, to be NATted to the other ISP's public IPs so that I don't have to do anything manually.
But the 1841 router has only 2 Ethernet interfaces, so how will I track the two ISP interfaces, as both of them are Ethernet, other than the interface connected to the outside interface of the ASA?