topic Re: Multi-homed internet connection in Network Security

Multi-homed internet connection

vergeerf — Mon, 11 Mar 2019 16:58:37 GMT

I have the following components, ISA Server, two standalone PIX firewalls, two internet routers (800 series)

Currently only one router is being used for internet access.

We now have a second internet DSL connection and want to use one connection for exclusive use of buisiness critical applications, the other connection will be used for general internet browsing. The "problem" is that all clients use the ISA server as gateway. Normally I would implement something like a route-map to set the next-hop...

thanks in advance for any feedback

Re: Multi-homed internet connection

Mohamed Sobair — Tue, 19 Jan 2010 13:57:54 GMT

Hi,

Does the third Internet connection terminates on the same router, or it has seperate router?

I am assuming the default GW for the ISA is the Active pix and the Pix points to one of the routers.

The Security Appliance doesnt support PBR , and would therfore PBR has to be implemented on the router terminates both connections and uses the ADSl connection for the critical application.

HTH

Mohamed

Re: Multi-homed internet connection

vilaxmi — Tue, 19 Jan 2010 14:41:11 GMT

Hello,

I see that you need to use ONE ( DSL ) internet line for normal internet surfing (port 80 traffic) and another line for business critical applications.

First of all, I would like to inform you thatyou can not use your second ISP ALONG with your primary ISP as Cisco ASA cannot do Policy Based Routing. Please check :

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml#pbr

Now, since you need to send a FIXED port traffic to one circuit , we have a workaround developed for such cases :

nat (inside) 1 0 0

global (outside_1) 1 interface

global (outside_2) 1 interface

static (inside,outside_2) tcp 0.0.0.0 www 0.0.0.0 netmask 0.0.0.0

route outside_1 0 0 x.x.x.x //next hop router's IP address for ISP_1//

route outside_2 0 0 y.y.y.y 2 //next hop router's IP address for ISP_2 with an administrative Distance of 2 (higher than primary route)//

HTH

Vijaya

Re: Multi-homed internet connection

vergeerf — Sat, 23 Jan 2010 10:19:07 GMT

>Does the third Internet connection terminates on the same router, or it has seperate router?

a seperate router (actually the second internet connection) no the third.

It's good to know that PBR is not supported on the PIX / ASA

Thanks for your input

Re: Multi-homed internet connection

vergeerf — Sat, 23 Jan 2010 10:20:51 GMT

Thanks for your input, I will try to setup of test environment before implementing this in production 🙂

It's good to know that PBR is not supported on the PIX / ASA. Because I was thinking in this direction.