3 WAN Connections on a Router

Unanswered Question
Apr 25th, 2012

Hi everyone,

We are having 3 internet connections coming in to one of our customer's main offices for redundancy and etc. I would like to replace the 3 routers with a one for easier support and management. One of the connections is an ADSL and the other 2 are leased lines so they terminate with an RJ45 connection.

Would something like a Cisco 2911 + HWIC ADSL card be sufficient enough or would you recommend something else?

Many thanks,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (4 ratings)
Dmitry Golovenkin Wed, 04/25/2012 - 04:43

Thank you,

Would you suggest an ASA firewall behind that as well or simply get a license for an IPS on that router?

Paolo Bevilacqua Wed, 04/25/2012 - 04:56

No ASA is required neither recommendable where you have a router. That is because the  router can optionally be configured to be a firewall, moreover its much easier to configure and troubleshoot, it has much much more features, and it doesn't have all the confusing licensing requirements as the ASA.

Vasileios Bouloukos Wed, 04/25/2012 - 04:54

This is also depends on the money that you can spend and future needs...

Definetely an ASA is preffered over a router with FWL capabilites.

This would reduce the load of you router, improve the performance and can have additional security features

Dmitry Golovenkin Wed, 04/25/2012 - 04:58

The customer is now looking to get 3 leased lines, normally they provide a cisco router with a leased line. I guess my question would be then if they just need an ASA rather than a router?

Vasileios Bouloukos Wed, 04/25/2012 - 05:06

A router it's a device designed to route packets, meanwhile a firewall it's designed to filter traffic.

Moreover, a router has normally interfaces that a firewall does not have. It's hard to find a firewall with ATM or Serial interfaces to connect it to the WAN. So, in such cases you'll need a router l to connect your network to the ISP.

Hope that helps,


Dmitry Golovenkin Wed, 04/25/2012 - 05:09

Thank you Vasileios, but if I have 3 routers already provided by the ISP and their are Cisco 2911s then I would need to get an ASA to do the route decisions and traffic filtering and etc?

Customer would use one line for general internet, second for site-to-site VPN and 3rd as a backup.



Vasileios Bouloukos Wed, 04/25/2012 - 14:06

In this setup and  if you have to use the three routers, a solution to add a FWL connected to the routers which will be  responsible to filter the traffic and provide basic routiing towards the 3 routers seems ok.

Just consider, since the resilience is critical for your customer according to your post if you need to have to  2 FWLs for





Dmitry Golovenkin Wed, 04/25/2012 - 05:10

This is what the customer says:

We currently have one from eclipse which is a Cisco (The same as what you quoted us for). However, we aren't allowed any management access to this, so I assume it will be the same kind of thing.

What we are generally looking for is a router that can support all 3 connections, so if a connection goes down it switches to the next one automatically.

We have had some issues here the past few days, our gateway server went down yesterday and had to be re-built, which meant we had no internet all day.

That is the reason my manager is now pushing to get things upgraded, as we cannot afford outages such as that to happen.

Paolo Bevilacqua Wed, 04/25/2012 - 15:28

When you have multiple conenctions and want advanced routing and features, use a router not a firewall.

And also for security, a router is safe as a firewall is.

Dmitry Golovenkin Thu, 04/26/2012 - 00:33

Many thanks for all your help guys!

I am probably going to go with 2 2911 routers with IPS modules and an ESW switch in front of them for failover between the routers. Hopefully the client can stretch his budget!

Paolo Bevilacqua Thu, 04/26/2012 - 03:08

I would skup the IPS modules. They introduce a lot of complexity and cost for little or no actual benefit.

Also having a single switch introduce a single point of failure. Just connect one or two router to the circuits and be done.

Overengineering simple things is a major and common mistake in networking.


This Discussion

Related Content