06-08-2013 03:56 PM - edited 03-11-2019 06:55 PM
Hello,
I have a Cisco 5512 x Firewall connected with Cisco Layer 3 switch 3750.
I have two different WAN connections, one for data and one for voice. The Cisco Layer 3 switch is configured with 2 different VLANs, one for data and the other for voice. The switch is providing DHCP to computers and IP phones. Voice pool 192.168.10.0/24 VLAN10 and data pool 192.168.20.0/24 VLAN20.
I need to route my data and voice traffic separately.
The Cisco ASA is connected to two different ISPs. So, how can I do this configuration so that voice and data traffic will route separately?
06-08-2013 07:25 PM
Hello Sr,
Well, you can't do PBR on the ASA, so you will need to trick the ASA for this to happen.
With NAT you would be able to send HTTP traffic over one link and HTTPS over the other one (not officially supported; it is more of a hack).
The other thing would be to route traffic based on destinations.
Regards
Julio
Rate all of the helpful posts
06-09-2013 09:10 AM
ASA 5512x
Wan Interface Outside1 : 203.123.33.105 255.255.255.248
Wan Interface Outside2 : 61.66.74.150 255.255.255.248
Lan Inside: 192.168.20.1 255.255.255.0
------------------------------------------------------------------------------------------------------
Switch 3750 Layer 3
Connected with ASA : 192.168.20.2 255.255.255.0
Voice VLan : 192.168.10.0/24
Data VLan : 192.168.20.0/24
------------------------------------------------------------------------------------------------------
Both outside interfaces are up.
I can route the data traffic coming from the data VLAN, and traffic is routing through the Outside1 interface perfectly.
The switch is configured with QoS, and IP phones and laptops are picking up correct IPs through the DHCP configured for both VLANs. I can ping the ASA LAN interface from the switch from both VLANs.
Now I am facing the following problems:
1. I am not able to ping between the data and voice VLANs.
2. Voice traffic is not routing through the Outside2 interface.
Can anyone please tell me which access-list and NAT policies I have to make for this topology?
06-09-2013 09:32 AM
Hello Ajay,
Okay,
Issue 1)
Both networks are behind the ASA, so make sure you have same-security-traffic permit intra-interface configured.
You should have the inspection for the ICMP protocol.
Do the following:
packet-tracer input inside icmp 192.168.10.15 8 0 192.168.20.10
packet-tracer input inside icmp 192.168.20.10 8 0 192.168.10.15
Issue 2)
Well, again, you cannot route based on source IP addresses.
Are you trying to go to a specific subnet/device via the WAN2 interface?
Rate all of the helpful posts, keep us motivated to keep replying
06-13-2013 04:29 PM
1. Can I connect two ASAs to the L3 switch and do the routing in the switch, so that traffic from the different VLANs goes through different ASA interfaces?
2. If I place a router for the different ISPs:
ISP1 & ISP2 - Router - ASA - Switch with 2 VLANs
In this way, can I route the traffic of the VLANs to different ISPs?
06-13-2013 05:15 PM
1) As long as that traffic traverses the ASA (so it passes the stateful inspection engine), you are good to go.
2) Exactly, that's the best way to go: doing the PBR on the router.
Remember to rate all of the helpful posts.
For this community that's as important as a thanks.
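A sketch of the router-side PBR from option 2 above, added here as an illustration and not configuration posted by anyone in the thread. It assumes the ASA forwards the two VLAN subnets without translating them (otherwise the router cannot tell voice from data by source address); the interface names, the 10.0.0.0/30 transit link and the ISP next-hop addresses are placeholders.

```cisco
! Constructed example for the "ISP1 & ISP2 - Router - ASA - Switch" layout.
! Placeholders (not from the thread): interface names, 10.0.0.0/30 transit
! link to the ASA, and next hops taken from RFC 5737 documentation ranges.
access-list 110 remark Voice VLAN10 sources
access-list 110 permit ip 192.168.10.0 0.0.0.255 any
access-list 120 remark Data VLAN20 sources
access-list 120 permit ip 192.168.20.0 0.0.0.255 any
!
! Policy routing: choose the ISP next hop by source subnet
route-map VLAN-PBR permit 10
 match ip address 110
 set ip next-hop 203.0.113.1
route-map VLAN-PBR permit 20
 match ip address 120
 set ip next-hop 198.51.100.1
!
interface GigabitEthernet0/0
 description Link to ASA outside (PBR applied on ingress)
 ip address 10.0.0.1 255.255.255.252
 ip nat inside
 ip policy route-map VLAN-PBR
!
interface GigabitEthernet0/1
 description ISP used for data
 ip nat outside
!
interface GigabitEthernet0/2
 description ISP used for voice
 ip nat outside
!
! NAT must follow the egress interface picked by PBR
route-map NAT-DATA permit 10
 match ip address 120
 match interface GigabitEthernet0/1
route-map NAT-VOICE permit 10
 match ip address 110
 match interface GigabitEthernet0/2
ip nat inside source route-map NAT-DATA interface GigabitEthernet0/1 overload
ip nat inside source route-map NAT-VOICE interface GigabitEthernet0/2 overload
!
! Return path to the VLANs behind the ASA (10.0.0.2 = ASA outside, placeholder)
ip route 192.168.10.0 255.255.255.0 10.0.0.2
ip route 192.168.20.0 255.255.255.0 10.0.0.2
```

`show route-map VLAN-PBR` and `show ip nat translations` on the router confirm that each VLAN is matching its own policy entry and leaving through the intended ISP.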
06-13-2013 06:05 PM
Which router will be best for this? I have to use 2 WAN interfaces for data and voice (IP phones), plus 2 site-to-site VPN tunnels. Users may also access the VPN through the VPN Client or Cisco AnyConnect VPN. Also, we have to connect a PBX.
06-13-2013 08:08 PM
Hello,
I do not consider myself a person that can recommend a router.
But what about one from the 2800 series? (The 2821 is one great Integrated Services Router.)
Regards,