https://community.cisco.com/t5/network-security/multiple-wan-connections-one-firewall/m-p/1365478#M744857 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>It will best if you terminate your ISP links in router and do a Policy based routing based on the incoming traffic from LAN.I would suggest you to make setup in the below manner</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ISP1 -----</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Router---ASA--Local LAN</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ISP2 -----</P><P></P><P></P><P>In this fashion you can configure load balancig of ISP and you can track the failure of ISP using IP SLA configuration in cisco routers.With the above setup only trusted traffic will be allowed in local lan which will be filtered by ASA.</P><P></P><P>Check out the below link on PBR to implement in routers</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009481d.shtml">http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009481d.shtml</A></P><P></P><P>Hope that clear out your query !!</P><P></P><P>Regards</P><P>Ganesh.H</P></BODY></HTML> Thu, 14 Jan 2010 08:07:21 GMT Ganesh Hariharan 2010-01-14T08:07:21Z https://community.cisco.com/t5/network-security/multiple-wan-connections-one-firewall/m-p/1365476#M744855 <P>I am not sure if this is possible, and if it is, I am then not sure how this would be accomplished:</P><P></P><P>We will have 3 separate WAN connections provided by 3 separate ISP's coming into our office.&nbsp; How may I set it up so that all three are firewalled using one ASA 5510?&nbsp; I was told in passing that I could "just run them all through an edge router" then run that into the firewall, but upon further research, most routers are set to accept 1 WAN feed.&nbsp; Is it possible to put a standard router outside of the firewall to combine the connections?&nbsp; If so, what are the perils involved?&nbsp; </P><P></P><P>We currently have 2 WAN connections with a small Watchguard appliance on each.&nbsp; It would be nice to have one firewall appliance (the ASA 5510) and one edge router appliance (re-commission one of the Watchguards or another small router) to handle the whole situation.&nbsp; </P><P></P><P>Obviously I am not a network administrator, but rather the "computer guy"...so naturally I am expected to wave my standard-issue magic "computer guy" wand and make it happen...that or press the "Any" key.&nbsp; So please forgive my lack of knowledge on the subject.</P><P></P><P>Steve</P> Mon, 11 Mar 2019 16:57:17 GMT https://community.cisco.com/t5/network-security/multiple-wan-connections-one-firewall/m-p/1365476#M744855 steve.hassell 2019-03-11T16:57:17Z https://community.cisco.com/t5/network-security/multiple-wan-connections-one-firewall/m-p/1365477#M744856 <HTML><HEAD></HEAD><BODY><P>What is the reason for 3 ISPs?</P><P>Redundancy or</P><P>Load balancing?</P><P></P><P><SPAN>Either way the ASA does not support this and you can read this thread there: </SPAN><A class="jive-link-message-small" href="https://community.cisco.com/message/894921#894921">https://supportforums.cisco.com/message/894921</A></P><P></P><P>You can use a router like you are thinking and do route tracking for redundance or PBR for load balancing.</P><P></P><P>-KS</P></BODY></HTML> Wed, 13 Jan 2010 18:31:41 GMT https://community.cisco.com/t5/network-security/multiple-wan-connections-one-firewall/m-p/1365477#M744856 Kureli Sankar 2010-01-13T18:31:41Z https://community.cisco.com/t5/network-security/multiple-wan-connections-one-firewall/m-p/1365478#M744857 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>It will best if you terminate your ISP links in router and do a Policy based routing based on the incoming traffic from LAN.I would suggest you to make setup in the below manner</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ISP1 -----</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Router---ASA--Local LAN</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ISP2 -----</P><P></P><P></P><P>In this fashion you can configure load balancig of ISP and you can track the failure of ISP using IP SLA configuration in cisco routers.With the above setup only trusted traffic will be allowed in local lan which will be filtered by ASA.</P><P></P><P>Check out the below link on PBR to implement in routers</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009481d.shtml">http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009481d.shtml</A></P><P></P><P>Hope that clear out your query !!</P><P></P><P>Regards</P><P>Ganesh.H</P></BODY></HTML> Thu, 14 Jan 2010 08:07:21 GMT https://community.cisco.com/t5/network-security/multiple-wan-connections-one-firewall/m-p/1365478#M744857 Ganesh Hariharan 2010-01-14T08:07:21Z