2 ASA 5510's and multiple internet connections


We have implemented multiple ASA 5510's. One with the AIP module and the other will have the CSC module. We have two bonded T1 lines but we want to implement a faster internet connection.


Here is the reason we would like to implement a faster connection. Our users use several web-based applications. Some are in-house and the others are SAS applications, and thus internet traffic is really slow. So for the meantime, until our faster connection arrives, we thought we could possibly do the following if possible:


1. Order a faster internet connection (cable) for web browsing for the users and have them still have the ability to access the internal LAN


2. Leave our existing connection as is to service mail servers, websites, etc.


We have been told of load balancers and about purchasing another router, etc. So we wanted to find out if this is possible to do with the two ASA 5510's.


Thank you


Jose DeLeon

Glenn R Tue, 09/07/2010 - 06:12

What kind of switches do you have on the LAN ?

Panos Kampanakis Tue, 09/07/2010 - 13:31
User Badges:
  • Cisco Employee,

If you have 2 T1s, I am not sure how you can make your lines faster. The bandwidth you have is limited.


Do you mean that you want to use both lines, load balancing between the ASAs and having both pass traffic?

Hmmm, that can be done with a multi-context ASA setup. You have 2 contexts on the ASAs. One context is passing traffic through one T1, and the other is passing traffic for the other T1. That way you are utilizing both contexts connected to 1 T1 each. Of course there will need to be some policy-based routing or routing setup in general so that half the traffic goes to one context and the rest to the other. If the ASAs are doing VPN, you cannot go to multi-context mode though.


I hope it helps.


PK

golly_wog Tue, 09/07/2010 - 15:46

Hi


If I read your Q correctly..


Long story short, the answer is "no", unless you know the destination address of the web-based applications; you could define static routes for these and then send all other traffic over your fast connection.

Panos Kampanakis Wed, 09/08/2010 - 06:41
User Badges:
  • Cisco Employee,

If I read your Q correctly..


Long story short, the answer is "no", unless you know the destination address of the web-based applications; you could define static routes for these and then send all other traffic over your fast connection.


You are right. Unless you have a way to distinguish what traffic takes one path and what takes the other, you can't do it. So you would need to distinguish the destinations, for example, or the destination ports (services) that go one way and the other in order to segment the traffic like that.


I hope it makes sense. Please rate helpful posts.


PK

abinjola Tue, 09/07/2010 - 21:36
User Badges:
  • Cisco Employee,

ASA is not a load balancer, but if you can clarify that you need outbound HTTP traffic from the T1 line and the rest of the traffic from the T2 line, then I can give you a workaround.
