07-09-2010 10:21 AM - edited 03-11-2019 11:09 AM
I think I know the answer to this but I want to run it by the forum.
I have an office that is on DSL with the highest speed available. The problem is that it is not fast enough. Currently, the one DSL has a site to site VPN tunnel to our HQ and works perfectly.
My question(s) is this:
Can I use another interface on the ASA 5505 (eth0/1 or int vlan3 for example) and configure it for another DSL circuit? I believe I could by assigning it the proper public ip, add another route outside statement for the second default gateway and of course, set up another tunnel-group (and match it on the HQ side as well). If I am on the right path, I would assume this would load balance the traffic?
Thanks,
STP
07-09-2010 01:07 PM
Hello,
You can certainly add a second DSL line and establish another tunnel to the remote network. However, I am not certain about the load-balancing part. If you run routing protocol over the VPN tunnel and ensure that the cost to the remote destination is equal through both paths, then the firewall can load-balance between the paths. However, if you are planning to configure static routes, I think that may not work.
Hope this helps.
Regards,
NT
07-09-2010 01:34 PM
Thanks for the quick reply! I will dig deeper into the load balancing issue. If that doesn't work I may have to
"do some patchwork". By that I mean creating another inside interface with a separate private ip scheme and add a small switch so I can physically split the traffic.
Example
eth 0/1
nameif outside2 this would be second DSL line
public ip here
eth 0/2
nameif inside 2 this would attach to a small switch
private ip here
route outside whatever the second DG would be which would give me a second route
create more access-lists
add a second http line
and of course a second tunnel
do you think that would work?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide