Cisco Support Community
Community Member

Multi-homed internet connection

I have the following components, ISA Server, two standalone PIX firewalls, two internet routers (800 series)

Currently only one router is being used for internet access.

We now have a second internet DSL connection and want to use one connection for exclusive use of business critical applications; the other connection will be used for general internet browsing. The "problem" is that all clients use the ISA server as gateway. Normally I would implement something like a route-map to set the next-hop...

thanks in advance for any feedback

4 REPLIES

Re: Multi-homed internet connection

Hi,

Does the third Internet connection terminate on the same router, or does it have a separate router?

I am assuming the default GW for the ISA is the Active pix and the Pix points to one of the routers.

The Security Appliance doesn't support PBR, and therefore PBR has to be implemented on the router that terminates both connections and uses the ADSL connection for the critical application.

HTH

Mohamed

Community Member

Re: Multi-homed internet connection

>Does the third Internet connection terminate on the same router, or does it have a separate router?

A separate router (actually the second internet connection, not the third).

It's good to know that PBR is not supported on the PIX / ASA

Thanks for your input

Cisco Employee

Re: Multi-homed internet connection

Hello,


I see that you need to use ONE (DSL) internet line for normal internet surfing (port 80 traffic) and another line for business critical applications.

First of all, I would like to inform you that you cannot use your second ISP ALONG with your primary ISP, as Cisco ASA cannot do Policy Based Routing. Please check:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml#pbr

Now, since you need to send a FIXED port traffic to one circuit, we have a workaround developed for such cases:

nat (inside) 1 0 0
global (outside_1) 1 interface
global (outside_2) 1 interface
static (inside,outside_2) tcp 0.0.0.0 www 0.0.0.0 www netmask 0.0.0.0
! next hop router's IP address for ISP_1
route outside_1 0 0 x.x.x.x
! next hop router's IP address for ISP_2 with an administrative distance of 2 (higher than primary route)
route outside_2 0 0 y.y.y.y 2

HTH

Vijaya

Community Member

Re: Multi-homed internet connection

Thanks for your input, I will try to set up a test environment before implementing this in production :-)

It's good to know that PBR is not supported on the PIX / ASA. Because I was thinking in this direction.
