WAN Mode Configuration on SA540 Security Appliances

Sat, 07/09/2016 - 11:10
Apr 26th, 2016
Cisco Support Community

Article ID: 2223

Objective

This article explains the configuration of the WAN mode to determine how multiple Internet Service Provider (ISP) links can be used. It is possible to configure two ISP links, one for the optional port and one for the dedicated WAN port on SA540 Security Appliances. Usage of these links depends upon the configuration of the WAN mode.

Note: For more information on how to configure the optional port mode as WAN, please refer to the article: Configuration of Optional Port Protocol Bindings on SA540 Security Appliance.

Applicable Device

• SA540 Security Appliance

Software Version

• 2.2.0.7

Configure WAN Mode

Step 1. Log in to the Security Appliance Configuration Utility and choose Networking > Optional Port > WAN Mode. The WAN Mode page opens.

Step 2. Choose a radio button from the Port mode area to define how the optional port is used.

• Autorollover with Primary Port as — Autorollover is a method in which one WAN port is used as the primary link and the other WAN port is used as a backup link. When the primary link fails, traffic is moved to the backup link. Choose Optional Port or Dedicated WAN as the primary link. The port that is not selected acts as the backup link.

– Dedicated WAN — Choose Dedicated WAN as the primary link from the Autorollover with Primary Port as drop-down list.

– Optional WAN — Choose Optional WAN as the primary link from the Autorollover with Primary Port as drop-down list.

Note: The Autorollover method can be used only when two WAN ports are available.

• Load Balancing — To enable the Load Balancing method, click the radio button next to Load Balancing. In load balancing, both WAN ports are used to send traffic simultaneously. Protocols are bound to the WAN port through which their data is transferred. These protocol bindings can be set using the Protocol Bindings link in the Load Balancing field.

Note: If the WAN connection is set to an idle timeout then load balancing does not apply. For more information on Protocol Bindings, please refer to the article: Configuration of Optional Port Protocol Bindings on SA540 Security Appliance.

• Use only single WAN port — Click the radio button next to Use only single WAN port to enable this mode. This method uses only one WAN port to send traffic. When the Use only single WAN port method is enabled, the WAN Failure Detection Method is disabled. Choose the WAN port that is connected to an ISP, Dedicated WAN or Optional WAN, from the Use only single WAN port drop-down list. This option might be useful for debugging connection issues.

Timesaver: If the Use only single WAN port option was chosen in Step 2, skip to Step 6.

Step 3. When Load Balancing or Autorollover options are enabled, choose one of the WAN failure detection methods. Choose a radio button to define the WAN Failure Detection method.

• None — No WAN detection method is used.

• DNS lookup using WAN DNS Servers — This method detects a WAN link failure using the WAN DNS servers. For more information on DNS Servers, please refer to the article: Perform a DNS Lookup for SA540 Security Appliance.

• DNS lookup using these DNS Servers — This method detects a WAN link failure using DNS servers whose IP addresses are provided manually.

– Dedicated WAN — Enter the DNS server IP address for the Dedicated WAN in the Dedicated WAN field.

– Optional WAN — Enter the DNS server IP address for the Optional WAN in the Optional WAN field.

Note: If Dedicated WAN was chosen as the Autorollover primary port, then only the Dedicated WAN field is enabled.

• Ping these IP addresses — A WAN link failure is detected by the use of pings.

– Dedicated WAN — In the Dedicated WAN field, enter the IP address to ping from the Dedicated WAN.

– Optional WAN — In the Optional WAN field, enter the IP address to ping from the Optional WAN.

Step 4. In the Retry Interval is field, enter the interval in seconds at which the security appliance runs the configured failure detection method.

Step 5. Enter the number of failures in the Failover after field. The number of failures refers to the number of times a WAN connection is not detected. Once the limit in this field is reached, the device will perform a failover.

Step 6. Click Apply to save the configuration.
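The interaction of the Retry Interval is and Failover after fields from Steps 4 and 5 can be modelled offline before choosing values. The following Python sketch is an added example, not Cisco code or part of the original article; the function names, the sample settings (30 seconds, 3 failures) and the probe sequences are constructed assumptions, as is the choice between consecutive and cumulative failure counting, which the article does not specify.

```python
from typing import List, Optional, Sequence, Tuple

def failover_time(probes: Sequence[bool], retry_interval_s: int,
                  failover_after: int, consecutive: bool = True) -> Optional[int]:
    """Return seconds from start until failover triggers, or None.

    probes[i] is the result of the i-th detection check on the primary link
    (True = the DNS lookup or ping was answered). Checks are modelled as
    running every retry_interval_s seconds, the first at t = retry_interval_s.
    consecutive=True resets the failure count on a success (assumption:
    the article does not say whether failures must be consecutive).
    """
    if retry_interval_s <= 0 or failover_after <= 0:
        raise ValueError("Retry Interval and Failover after must be positive")
    failures = 0
    for i, ok in enumerate(probes, start=1):
        if ok:
            if consecutive:
                failures = 0
            continue
        failures += 1
        if failures >= failover_after:
            return i * retry_interval_s
    return None

def active_link_timeline(probes: Sequence[bool], retry_interval_s: int,
                         failover_after: int, primary: str = "Dedicated WAN",
                         backup: str = "Optional WAN",
                         consecutive: bool = True) -> List[Tuple[int, str]]:
    """Return [(time_s, active_link)] after each check in Autorollover mode.

    Fail-back to the primary is not modelled (the article does not describe it).
    """
    t_fail = failover_time(probes, retry_interval_s, failover_after, consecutive)
    timeline = []
    for i in range(1, len(probes) + 1):
        t = i * retry_interval_s
        link = backup if t_fail is not None and t >= t_fail else primary
        timeline.append((t, link))
    return timeline

# Constructed probe results for the primary link (not captured from a device).
HARD_OUTAGE = [True, True, False, False, False, False]
FLAPPING = [False, True, False, True, False, True]

if __name__ == "__main__":
    for name, probes in (("hard outage", HARD_OUTAGE), ("flapping", FLAPPING)):
        for mode in (True, False):
            print(name, "consecutive" if mode else "cumulative",
                  failover_time(probes, 30, 3, consecutive=mode))
```

Under the consecutive-count assumption a flapping primary link never reaches the threshold, so the two counting models give different results for the same settings; confirm the appliance's actual behaviour by testing before relying on either.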
