09-04-2010 03:14 PM - edited 03-11-2019 11:35 AM
We have implemented multiple ASA 5510's. One with the AIP module and the other will have the CSC module. We have two bonded T1 lines but we want to implement a faster internet connection .
Here is the reason we would like to implement a faster connection. Our users use several web based applications. Some are inhouse and the others are SAS applications and thus internet traffic is really slow. So for the mean time until our faster connection arrives, we thought we could possibly do the following if possible
1. Order a faster internet connection (cable) for web browsing for the users and have them still have the ability to access the internal LAN
2. Leave our existing connection as is to service mail servers, websites, etc.
We have been told of load balancers and about purchasing another router, etc...So wanted to find out if this is possible to do with the two ASA 5510's
Thank you
Jose DeLeon
09-07-2010 06:12 AM
What kind of switches do you have on the LAN ?
09-07-2010 01:31 PM
If you have 2 T1s, I am not sure how you can make your lines faster. The bandwidth you have is limited.
Do you mean that you want to use both lines lead balancing between the ASAs having both pass traffic?
Hmmm, that can be done in an with multi-context ASA set up. You have 2 contexts on the ASAs. One context is passing traffic through one T1, and the other is passing traffic for the other T1. That way you are utilizing both contexts connected to 1 T1 each. Of course they will need to be some Policy Based routing/or Routing setup in general so that half the traffic goes to one context and the rest to the other.If the ASA's are doing VPN, you cannot go to multi-context mode though.
I hope it helps.
PK
09-07-2010 03:46 PM
Hi
If I read your Q correctly..
Long story short to your answer is "no", unless..you know the destination address of the Web based applications, you could define static routes for these and then send all other traffic over your fast connection.
09-08-2010 06:41 AM
If I read your Q correctly..
Long story short to your answer is "no", unless..you know the destination address of the Web based applications, you could define static routes for these and then send all other traffic over your fast connection.
You are right. Unless you have a way to distinguish what traffic takes one path and what the other you can't do it. So you would need to distinguish the destinations for example, or the destination ports (services) that go one way and the other in order to segment the traffic like that.
I hope it makes sense. Please rate helpful posts.
PK
09-07-2010 09:36 PM
ASA not a load balancer, but if you can clarify that you need outbound
http traffic from T1 line and rest of the traffic from T2 line than I can give you a workaround
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: