I have two campuses, each with their own 100Mbps Internet connection, that I would like to configure for Internet redundancy.
My current setup consists of a split class C address block where we route addresses 184.108.40.206 - .128 to campus A and addresses 220.127.116.11-.254 to campus B.
I am wanting to do an active/active type configuration so that both connections can be equally utilized during normal operating conditions, so that failover is in place during an outage at one campus. Do note that I am using the same ISP for both connections. I am thinking that I'll need (2) ASA5520's to do this. What I'm a little uncertain of is how I need to configure the equipment behind the firewall to support this type of configuration.
Do note that I am open to any other suggestions in regards to my redundant Internet solution. Any ideas would be great.
You can use the two ASAs to firewall your internet connections. Then configure them to inject default routes into OSPF on the inside of the network. This will take care of your outbound traffic.
Since you are using the same provider for both connections you can have them add floating statics for your public blocks so that 18.104.22.168/25 can be routed to campus B in the event of an outage and vice versa. This will take care of your inbound routing.
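
A sketch of the outbound half of the reply above for the campus A firewall, added here as an example and not taken from the thread. The interface names, OSPF process id, SLA probe and every address (RFC 5737 and RFC 1918 placeholders) are assumptions; the campus B firewall would mirror it with its own addresses.

```cisco
! Campus A ASA - constructed example, all addresses are placeholders
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.2 255.255.255.252
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.1.0.1 255.255.255.0
!
! Probe the ISP next hop so a dead upstream removes the default route
sla monitor 1
 type echo protocol ipIcmpEcho 192.0.2.1 interface outside
 frequency 5
sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
!
! Default route stays in the routing table only while the probe succeeds
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1 track 1
!
router ospf 1
 network 10.1.0.0 255.255.255.0 area 0
 ! No "always" keyword: the default is advertised into OSPF only while
 ! this ASA holds a default route, so a failed link withdraws it and
 ! inside routers fall back to the default from the other campus.
 ! metric-type 1 adds the internal path cost, so each campus prefers
 ! its nearest firewall while both links are up.
 default-information originate metric 10 metric-type 1
```

Because each ASA tracks connection state independently, each one should translate outbound traffic to addresses from its own campus's half of the public block, so that replies return through the firewall that holds the state.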