We have a 3725 router, two ISPs, one is wired and one is wireless. We also have an ASA5520 firewall in place inside the router.
We would like to have failover and also traffic balancing. For example, inbound traffic to our company we want that traffic to come in the wired ISP and all of our outbound traffic to the internet we want to go out the wireless.
Is this possible with our current 3725 and ASA? If so, what must be done, in brief explanation? If not, what are the options for us like buying a new router or a device like BigIP or something similar?
I don't think you can have such a setup. Since you don't have the control on incoming traffic you can't have a link used only for receiving traffic.
Additionally you have mentioned that you have got internet connectivity from two ISPs, one wired and another wireless. What you can do is send and receive traffic through both the links if the wireless router supports NAT.
Otherwise insert an additional router between the 3700 and the wireless router capable of doing NAT.
Have two default routes on 3700. Configure SAA probes to track wireless link, associate it with the default route for wireless link and let each router do NAT individually.
Install the Router in front of the Cisco ASA. Terminate the two ISPs on the router and not ASA. However, you will need one of your ISPs to create a transit subnet with your route and route the public subnet over to your router transit interface.
On the ASA you can NAT the hosts to whichever subnet you want from both ISPs. The ISPs will provide you with two different public subnets. So you can manage the NAT for internal hosts on whichever subnet you like.
The router will get the traffic from the ASA with public subnets. According to the public IP translated on the ASA the router can decide on which ISP to send the traffic. Therefore, you configure PBR on the interface terminating to the ASA to route traffic from ISP1 public subnet to the ISP1 next hop and ISP2 public subnets to ISP2 next hop.
Automatic failover is not feasible because the routes to the subnets from the internet are controlled by BGP peering/routing on the ISP sides. However, you will be able to quickly modify the NAT on the ASA which will direct traffic to the ISP you want.
R1-----F0/0: IP from ISP2 transit subnet |
| F0/1:IP from ISP1
| E0/0:IP from ISP1
Default route is R1 F0/1 IP
Hope this helps and appreciate your rating,
Remark: The router should have a static route for the ISP2 public subnet to the ASA for traffic coming back.
Sorry I am in a hurry maybe I am not that clear. It is a complex solution but I have it working for many customers. We keep public services on one ISP and users traffic on another ISP.