ASA 5510 with double connection

battanc
Level 1

Customer with an internal network with several VLANs, a Layer-3 switch and a firewall.

VPN L2L with site B.

Now I need to add a leased line that directly connects site A with site B.

To protect my network, I would like to connect this leased line to a new DMZ of my ASA.

No problem to manage the route on the firewall.

The question is: can I keep the VPN as backup, in case of failure of the leased line?

Can I track (with SLA monitor) the response of the leased line?

Or is the only way to connect the leased line directly to the Layer-3 switch (Cisco-3925), losing the firewall protection on this line?

Attached is a scheme that can help you understand.

Best regards,

Claudio

2 Replies

Andrew Phirsov
Level 7

I think it's ok to connect the leased line to another interface. I would only call that interface not DMZ, but something like outside2, just for it to be more logical.

You will have to configure a static route on your leased line towards the subnet on site B and do the tracking for that interface. And that static route would be preferred by default for that subnet, since for the ISP line you're using just a default route. In case of failure of the leased line, traffic to site B will match the default route, fall into the crypto map and get sent through the VPN tunnel.
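The design described in this reply (tracked static route over the leased line, default route plus crypto map on the ISP interface as the fallback), written out as an added example configuration that is not part of the thread and not the replier's or Cisco's own code. All addresses, interface numbers, object names and the pre-shared key are constructed placeholders, and ASA 8.4+/9.x syntax (twice NAT, `crypto ikev1`) is assumed; adjust to the running version before use.

```cisco
! Added example, not from the original thread. Addresses, names and the
! interface assignment below are constructed placeholders (ASA 8.4+ syntax).

! --- Interfaces: ISP link and the new leased-line interface ---
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.10 255.255.255.0
!
interface Ethernet0/2
 nameif outside2
 security-level 0
 ip address 192.0.2.1 255.255.255.252

! --- IP SLA: ping the far end of the leased line every 10 s via outside2 ---
sla monitor 10
 type echo protocol ipIcmpEcho 192.0.2.2 interface outside2
 num-packets 3
 frequency 10
sla monitor schedule 10 life forever start-time now
track 10 rtr 10 reachability

! --- Routing ---
! Specific route to site B over the leased line; the ASA withdraws it from
! the routing table whenever track 10 reports the far end unreachable.
route outside2 10.2.0.0 255.255.255.0 192.0.2.2 1 track 10
! Default route to the ISP. With the tracked route gone, site B traffic
! matches this route, leaves via outside and is caught by the crypto map.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1

! --- Identity NAT so inside<->site B is untranslated on BOTH egress paths ---
object network INSIDE-NET
 subnet 10.1.0.0 255.255.0.0
object network SITEB-NET
 subnet 10.2.0.0 255.255.255.0
nat (inside,outside) source static INSIDE-NET INSIDE-NET destination static SITEB-NET SITEB-NET no-proxy-arp route-lookup
nat (inside,outside2) source static INSIDE-NET INSIDE-NET destination static SITEB-NET SITEB-NET no-proxy-arp route-lookup

! --- L2L VPN on outside; interesting traffic = inside -> site B ---
access-list L2L-SITEB extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.255.0
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address L2L-SITEB
crypto map OUTSIDE-MAP 10 set peer 198.51.100.2
crypto map OUTSIDE-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
crypto ikev1 enable outside
tunnel-group 198.51.100.2 type ipsec-l2l
tunnel-group 198.51.100.2 ipsec-attributes
 ikev1 pre-shared-key <PSK-PLACEHOLDER>

! --- Inbound policy on the leased-line interface ---
! Only site B's subnet is expected to arrive here; an explicit ACL keeps the
! leased line under the same firewall policy as any other outside interface.
access-list OUTSIDE2-IN extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list OUTSIDE2-IN extended deny ip any any log
access-group OUTSIDE2-IN in interface outside2
```

Two points worth checking when testing the failover. First, the track only withdraws the route on this ASA; site B needs the mirror-image tracked route, or its return traffic keeps using the leased line while site A has already moved to the tunnel, and the stateful inspection on either side will drop the asymmetric flows. Second, the crypto map is bound to `outside` only, so traffic on the leased line is sent in the clear by design; `show track 10`, `show sla monitor operational-state` and `show route` confirm which path is active at any moment.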
