Cisco Support Community
Community Member

Configuring ASA - PIX with 2 internet connections.

Hello,

I need to configure an additional Internet link to my PIX firewall. I have only one existing Internet link that is already working for all functions in the organization.

The second internet connection will be used only by a group of users to a particular website.

The same ISP is providing both internet links and the same DNS servers will be used for both internet links.

There is a default route for the first internet link with the next hop being the interface of the router for the first link. I have created a static route for the second link with specific source and destination with the next hop being the router to the second link.

NAT is fine; from my client PC I can ping to the second link when the first outside interface is shut. But I can't browse the website. It looks like all traffic follows the first link.

There is a switch in between the PIX and both routers, but with diff

Thanks Winnie.

10 REPLIES
Community Member

Re: Configuring ASA - PIX with 2 internet connections.

Hi,

As far as I know, the ASA cannot load share between two links. You can configure the second line as a backup line that will work only when the first line goes off; see the link below:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

If you want to use both lines at the same time, you need to use a router; the router can load balance between two lines.

regards

Community Member

Re: Configuring ASA - PIX with 2 internet connections.

Thanks so much. What other technology or firewall can I use? I need to secure my network using a firewall. If I use a router the security will be compromised.

Community Member

Re: Configuring ASA - PIX with 2 internet connections.

Hi,

You can connect the router to the two lines and put the firewall behind the router; by this you will get load balancing and secure your network.

regards

Community Member

Re: Configuring ASA - PIX with 2 internet connections.

You can use an IOS Firewall router, instead of one that doesn't have the IOS Firewall feature set. With the features that come with this you can improve your security.

Mark Senteza

Community Member

Re: Configuring ASA - PIX with 2 internet connections.

Hi,

But the IOS Firewall router does not provide the advanced security features that the ASA can. It does basic firewalling only. Also, you need to take the performance issue into consideration, especially if you have a large network. For best results in routing and security, you need to use a separate device for each.

regards

Community Member

Re: Configuring ASA - PIX with 2 internet connections.

Thanks guys, this is helpful information.

I will try to implement the best way possible.

Community Member

Re: Configuring ASA - PIX with 2 internet connections.

Hello,

I think that, I mean in the router, you can do Policy-Based Routing (PBR), and with that you can do “load shares”, but that's a possibility… you have to try it.

You put the two public IPs on the outside interface of the firewall (ASA or PIX), doing NAT (policy NAT) with a unique default gateway.

Then you can do PBR in the router.

Rui Capao

Community Member

Re: Configuring ASA - PIX with 2 internet connections.

That's true, it doesn't provide the advanced security features that an ASA or PIX would.

Sorry not to make it clear, but I had meant that the router you had mentioned connecting the two lines to, that sits in front of the firewall, can be an IOS Firewall router. Then keep the firewall too.

I believe that a router with an IOS Firewall feature set gives you more possibilities for basic first-line defence on the perimeter network even before the traffic hits the external interface of the firewall sitting behind it.

Community Member

Re: Configuring ASA - PIX with 2 internet connections.

Hi, I have seen the link that you have given to configure the PIX with a backup link. I have one more question based on this. Can I have a backup site-to-site VPN like this? I will make it clear: my primary site-to-site VPN will work through ISP 1, and if ISP 1 fails, can I configure a backup site-to-site VPN using another ISP in the same box?

Community Member

Re: Configuring ASA - PIX with 2 internet connections.

Hello,

I think you can.

First, you have to configure the PIX with “dual IP”, to have a backup ISP, in this case ISP2.

Then, you have to configure the VPN, point to point, the backup VPN, between the public IP of ISP2 and the public IP of the other site.

But this has a disadvantage: you lose the VPN session to the other site for a while, and then when the backup VPN is established you can have connection to the other site again. This could be a problem or not; it depends on what you need.

Rui Capao
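
The backup-ISP and backup-VPN arrangement discussed in this thread, as an added example (not from any poster and not copied from the linked Cisco document). It assumes PIX/ASA software 7.2 or later (static route tracking) with pre-8.3 NAT syntax; the interface names, SLA and track IDs, the crypto map name `S2S_MAP` and all addresses are constructed placeholders.

```cisco
! Added example. All names, IDs and addresses below are constructed
! placeholders (RFC 5737 documentation ranges), not values from the thread.
interface Ethernet0
 nameif outside
 security-level 0
 ip address 192.0.2.2 255.255.255.0
interface Ethernet2
 nameif backup
 security-level 0
 ip address 198.51.100.2 255.255.255.0
!
! Probe a target reached through ISP 1. Probing only the next-hop router
! detects a local link failure but not an outage further upstream.
sla monitor 123
 type echo protocol ipIcmpEcho 192.0.2.1 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
!
! The primary default route is withdrawn while track 1 is down; the
! metric-254 route through ISP 2 is then installed in its place.
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1 track 1
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254
!
! PAT to the address of whichever ISP-facing interface carries the traffic.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
global (backup) 1 interface
!
! Backup site-to-site VPN: apply the same crypto map and enable ISAKMP on
! both ISP-facing interfaces. The S2S_MAP entries (peer, match address,
! transform set) and the tunnel-group are assumed to exist already.
crypto map S2S_MAP interface outside
crypto map S2S_MAP interface backup
crypto isakmp enable outside
crypto isakmp enable backup
!
! On the remote firewall, list both local public addresses as peers so it
! accepts and initiates the tunnel to either one (assumed map name, seq 10):
!   crypto map REMOTE_MAP 10 set peer 192.0.2.2 198.51.100.2
```

`show track 1` and `show route` confirm which default route is installed; the tunnel drops at failover and is renegotiated from the backup address, which is the interruption described in the reply above.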
