We have Three ISP Link (20 Mbps each) at HO Location & respectively connected on three seperate Internet Router below them connected to three Cisco ASA. we have published many application like web, SAP, mail on these links.Also we have IPSec VPN connectivity between HO to Branch Location through Cisco ASA to Cisco ASA.we have configured IPSec VPN on 1st ISP over cisco ASA.
My two pain area.
1. in case of 1st ISP goes down then Branch location down.
2. in case of any ISP goes down then web application which are published on that ISP, is not accessible from out side.
3. is there any way to make all three ISP in a single group/Link (20MBX3= 60 Mbps)..
Please suggest what will be the best possible way to achive maximum network performance & uptime.
It's very likely that you can't use the three lines as one aggregated big pipe. For that to work all three line have to come from the same ISP and there has to be a product offered by the ISP for that. In that case you would get one common IP-block for all lines and not one per connection.
You could improve the availability in the following way:
1) Build a FO-system with two ASAs.
2) Configure three outside interfaces for backup-ISP-operation. One interface has to be choosen to use the active default route for all your outgoing traffic.
3) Use the two other links for your incoming traffic. Both links can be used simultaniously.
4) The other links can also be used for the VPN-connection in a active/backup-manner.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :