Our company currently uses a Cisco ASA 5510 and we have two internet connections working solid -- one (cable) as primary, one (DSL) as backup. We also have a third internet connection that is dedicated to our SIP phones. Currently we host our own in-house PBX, which connects to our internal network through a switch connected to the ASA, but has a second NIC connected directly to our third internet connection (a leased line with an SLA attached). We would like to move to an external hosted PBX solution, but still keep the dedicated internet connection for our phones.
To clarify, we'd like to keep our primary and backup connections, and add a third active connection through which we would route all SIP traffic.
Is it possible for us to do that with the 5510? If so, how would I go about setting that up?
Unfortunately the ASA-5510 lacks certain routing features such as Policy-based Routing that would be an easy solution for what you want to accomplish. Here is a good writeup of some other possible scenarious and solutions
Cisco is very adamant about the ASA not being a router. This means it will not do policy based routing nor such simple things as ICMP redirect. There have been many years worth of requests for such simple feature updates but Cisco ignores them and uses the line that a firewall should be firewalling.
That said, there are many excellent Internet load sharing devices out there. The three that I have placed at many customer sites are: Elfiq, Barracuda and XRoads. Since Cisco doesn't want to be doing all-in-one stuff with their firewalls then the only choice is to use a dedicated appliance. This is a much stronger solution than using a router and doing policy based routing since these types of appliances are specifically slated for Internet load sharing and do not have the speed limitations per cost of a Cisco router.
It should be noted that I do recommend the ASA as the first choice in firewalls. Good luck in your endeavors.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...