06-22-2014 10:55 PM - edited 03-11-2019 09:21 PM
Dear all
I have 2 internet lines (a leased line and an ADSL line). Now my requirement is for an ASA 5512 at the top of the network with IPS. I have 6 VLANs in the core switch.
One VLAN passes its internet traffic to the normal ADSL line, and all other VLANs and traffic go to the leased line. Is it possible? It's not failover and it's not primary and secondary.
Our goal: the leased line carries the remaining 5 VLANs;
the ADSL line carries only one VLAN, for browsing.
Please give me your valuable thoughts and ideas.
06-23-2014 12:50 AM
Hi Sheik,
ASA doesn't support load balancing or splitting the traffic over two different WAN links. You can make one primary and the other a backup.
HTH
Regards
Karthik
06-23-2014 01:25 AM
Hi Karthi,
Are you sure? Because the customer needs LAN internet packets to go to ADSL.
Servers and other VLAN traffic go to the leased line connection.
Please confirm what I should do in this scenario. If the ASA will not do it, what can we do for this customer requirement?
06-23-2014 02:12 AM
Hi Sheik,
As per my knowledge, you cannot achieve it through ASA.
This is not possible with your present topology.
HTH
Regards
Karthik
06-23-2014 07:18 AM
Hi Karthik,
I read a Cisco document, linked below, which states that 9.0 supports PBR:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_cluster.html#pgfId-1943033
Do you have any idea whether the Cisco guide is correct? There is no sample configuration to refer to.
Thanks.
Loh
06-23-2014 11:19 PM
Hi,
I went through the command reference for Cisco ASA version 9.x.
06-24-2014 02:14 AM
Also, you need to have dynamic routing in place if you want to use route-maps in ASA, either OSPF or BGP. BGP is available in recent IOS versions, but the ISP routers also need to support the dynamic routing protocols. In your case the ADSL modem will not do that, I guess. We can try to tweak something to make it work, but I am not sure and cannot guarantee this.
HTH
Regards
Karthik
06-24-2014 05:10 AM
06-23-2014 05:14 AM
Hi Sheik,
Can you confirm whether both of your links (leased and ADSL) are terminated on the firewall? Is all the traffic going through the leased line private IPs or unspecified? Have you got a public IP pool with both links?
Also, can you share the firewall configuration so that I can suggest a possible solution to achieve what you want? Please also share the IP details of each VLAN.
06-23-2014 05:43 AM
Hi Rahul,
It's an existing setup, but I will purchase a new 5512 firewall with IPS. They have 2 ISPs.
The leased line is already configured on the firewall. Now they have taken an ADSL line for internet browsing.
The leased line is only for servers and other VLANs.
The ADSL line is only for browsing. Can we configure it for local users?
I haven't started the work. I'm just asking a question: is it possible or not? But when I contacted one supplier, they said it is possible.
06-23-2014 05:45 AM
Yes, the leased line is directly connected, but the ADSL connection is in routed mode.
Yes, I have a public IP pool for the leased line. For ADSL, I have not confirmed whether they will get a fixed IP.
06-23-2014 05:50 AM
Please confirm that the ASA 5515-X can support two internet lines routing to two different VLANs (server, client).
06-23-2014 05:59 AM
Hi Sheik,
Yes, you can do this.
In your case, since all your servers will be connected through the leased line and the internet through the ADSL link, you can terminate both links on two interfaces of the firewall. All traffic from all your VLANs to the servers will be routed via the leased line (you will need to configure static routes for all the servers' ranges via the leased line and a default route for the internet via the ADSL link). You can control internet access for all VLANs through an access-list on the firewall.
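A sketch of the layout described in the reply above, as an added example that is not from the thread or from Cisco documentation. Interface names, the ACL and object-group names, and all addresses (documentation and private ranges) are assumptions, and the ADSL interface is assumed to have a static address.

```cisco
! Added example: all names and addresses below are placeholders.
interface GigabitEthernet0/0
 nameif leased
 security-level 0
 ip address 203.0.113.2 255.255.255.252
!
interface GigabitEthernet0/1
 nameif adsl
 security-level 0
 ip address 192.0.2.2 255.255.255.252
!
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
! Static routes select the exit by DESTINATION only (longest match wins).
! Server ranges are more specific than the default, so they use the leased line.
route leased 198.51.100.0 255.255.255.0 203.0.113.1 1
! Everything else (internet) follows the default route out the ADSL link.
route adsl 0.0.0.0 0.0.0.0 192.0.2.1 1
! The six VLAN subnets live behind the core switch (assumed next hop 10.0.0.2).
route inside 10.10.0.0 255.255.0.0 10.0.0.2 1
!
object-group network SERVER_RANGES
 network-object 198.51.100.0 255.255.255.0
object-group network BROWSING_VLAN
 network-object 10.10.60.0 255.255.255.0
!
! Routing cannot tell VLANs apart, so the access-list decides who may browse:
! every VLAN may reach the servers, only the browsing VLAN may reach the internet.
access-list INSIDE_IN extended permit ip 10.10.0.0 255.255.0.0 object-group SERVER_RANGES
access-list INSIDE_IN extended permit udp object-group BROWSING_VLAN any eq domain
access-list INSIDE_IN extended permit tcp object-group BROWSING_VLAN any eq www
access-list INSIDE_IN extended permit tcp object-group BROWSING_VLAN any eq https
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside
!
! Checks after applying: confirm the egress interface and the ACL verdict.
! show route
! packet-tracer input inside tcp 10.10.60.10 40000 198.51.100.10 443
! packet-tracer input inside tcp 10.10.20.10 40000 192.0.2.200 443
```

The first `packet-tracer` run should show egress on `leased` and the second should be dropped by `INSIDE_IN`, because 10.10.20.0/24 is not the browsing VLAN.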