Beginner

Cisco ASA 5510 with 2 internet connections

Is it possible to have a Cisco ASA5510 with two internet connections performing as follows?

Internet A---------All traffic except LAN to LAN vpn

Internet B---------LAN to LAN vpn

I can't find anything definitive on Google to say it will or won't; I know it can't do policy-based routing.

Thanks

3 REPLIES 3
Contributor

Re: Cisco ASA 5510 with 2 internet connections

Surely it's possible.

To perform this you should configure:

- default route (0.0.0.0) through the one interface, pointing to the Internet A ISP IP. With this, all your internal traffic to the Internet will go through that interface;

- specific route through the other interface, towards the remote LAN, pointing to the Internet B ISP IP. All the VPN traffic will follow this route and this interface.

route outside 0.0.0.0 0.0.0.0 ISP_1_IP

route outside_VPN 192.168.10.0 255.255.255.0 ISP_2_IP

Beginner

Re: Cisco ASA 5510 with 2 internet connections

Also you should configure your crypto to terminate on the interface, connected to the "Internet B" provider.

Otherwise you will have some kind of asymmetrical routing and your lan-to-lan VPN will not work.
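
The two replies above come down to one check: the interface the static routes select for the remote LAN must be the interface the crypto map is bound to. The script below is an added example, not part of the thread; it runs that check over a constructed ASA configuration in which the addresses, the ACL name L2L and the map name L2L_MAP are assumptions.

```python
import ipaddress
import re

# Constructed sample config (documentation addresses, hypothetical names).
SAMPLE_CONFIG = """\
route outside 0.0.0.0 0.0.0.0 203.0.113.1
route outside_VPN 192.168.10.0 255.255.255.0 198.51.100.1
access-list L2L extended permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
crypto map L2L_MAP 10 match address L2L
crypto map L2L_MAP interface outside_VPN
"""

ROUTE = re.compile(r"^route (\S+) (\S+) (\S+) (\S+)", re.M)
ACL = re.compile(r"^access-list (\S+) extended permit ip \S+ \S+ (\S+) (\S+)$", re.M)
MATCH = re.compile(r"^crypto map (\S+) \d+ match address (\S+)", re.M)
BIND = re.compile(r"^crypto map (\S+) interface (\S+)", re.M)


def egress_interface(config, dest):
    """Longest-prefix match of dest (string) against the static routes."""
    addr = ipaddress.ip_address(dest)
    best = None
    for ifname, net, mask, _gateway in ROUTE.findall(config):
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, ifname)
    return best[1] if best else None


def check_l2l(config):
    """Per protected remote network: (network, route_if, crypto_if, ok)."""
    bound = dict(BIND.findall(config))  # crypto map name -> interface
    acl_to_map = {acl: name for name, acl in MATCH.findall(config)}
    results = []
    for acl, net, mask in ACL.findall(config):
        if acl not in acl_to_map:
            continue  # ACL is not used as a crypto ACL
        remote = ipaddress.ip_network(f"{net}/{mask}")
        route_if = egress_interface(config, str(remote.network_address))
        crypto_if = bound.get(acl_to_map[acl])
        results.append((str(remote), route_if, crypto_if, route_if == crypto_if))
    return results


if __name__ == "__main__":
    for row in check_l2l(SAMPLE_CONFIG):
        print(row)
```
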

Beginner

Cisco ASA 5510 with 2 internet connections

I've done it a different way and used Proxy ARP so both subnets are useable on a single interface and it's working well, thanks for your help though :-)