Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Need help with ASA

hello All,

Recently i purchased 2 ASA 5505 for my network. I am Having 2 Internet connections. I am connected ISP 1 to ASA 1 & ISP 2 to ASA 2.

I want to use ASA 1 For Site-to-Site VPN & ASA 2 for Internet Connection. I am also having Cisco Catalyst 3560 -24 Ports Switch in my network.

Is it possible to use both VPN & Internet links simulteniously from LAN. ??

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: Need help with ASA

sure, one easy way of doing it might be to set up static routing in the 3560 and have three "lan",

one lan for the internet asa to the 3560

one lan for the vpnasa to the 3560

one lan for the users and servers.

set up the vpn asa towards the remote site and default gateway towards the isp of that link just as usual.

set up the internet ASA towards internet just as you would do normally with its default gateway towards its isp

on the 3560 enable routing

set up static routing of the remote site networks towards the vpn asa

set up default gateway towards the internet asa.

thats it.

This is just one way of doing it.

good luck

HTH

3 REPLIES
Gold

Re: Need help with ASA

sure, one easy way of doing it might be to set up static routing in the 3560 and have three "lan",

one lan for the internet asa to the 3560

one lan for the vpnasa to the 3560

one lan for the users and servers.

set up the vpn asa towards the remote site and default gateway towards the isp of that link just as usual.

set up the internet ASA towards internet just as you would do normally with its default gateway towards its isp

on the 3560 enable routing

set up static routing of the remote site networks towards the vpn asa

set up default gateway towards the internet asa.

thats it.

This is just one way of doing it.

good luck

HTH

New Member

Re: Need help with ASA

hey,

Thanks for reply.

I have one request. if u dont mind can u please explain me this case with example ?

Please.

Thanks

Gold

Re: Need help with ASA

Green line = traffic destined for Internet

Red line = traffic destined to 192.168.4.0 through vpn tunnel

3560

3 interfaces in routed mode on the 3560 and IP routing on.

interface 1 = default gateway for the local lan

interface 2 = routed interface towards the vpn gateway.

interface 3 = routed interface towards the internet gateway

3560 default gateway = the Internet FW Interface

192.168.4.0 is routed through the VPN fw interface

VPN Firewall default gateway = isp router

Internet FW default gateway = isp router

exchange the ip addresses for your own ip address scheme.

HTH

313
Views
0
Helpful
3
Replies