05-26-2015 10:10 PM - edited 03-11-2019 11:00 PM
Hi,
Attached is the design for reference.
We have a 4 mb internet link, which is connected to the 2911 router--switch--asa5512x--4507 switch--WSA.
Now we have got a new 10 mb internet link, which is connected to another identical set of devices. We want wireless users to go through the 4 mb link and all other LAN (VLANs) to go through the new 10 mb link; in case of link failure, traffic should go through the other link.
But we have the base license on our ASAs, so we can't do active/standby or active/active failover here.
Please help me: how can we implement this?
Regards
05-27-2015 01:05 AM
The easiest would be to upgrade both ASAs to Security-Plus, run A/S failover and implement Policy-based Routing on the ASA.
Without that you could:
Option one is less complex and is probably easier to implement.
05-27-2015 09:57 PM
Thanks, Karsten.
However, I have implemented the new ASA firewall and internet link.
I put both ASAs in the same network and the same VLAN and configured a default route from the 4507 switch to the new ASA.
Then I checked, and traffic is still going through the old ASA (10.1.1.2). When I removed the route to the old ASA, it goes through the new ASA (10.1.1.3).
Anyway, I still want to implement PBR on the 4507 switch to route 10.1.100.0 traffic to the 10.1.1.12 ASA and all other LAN traffic to the new ASA, 10.1.1.3.
Another issue: if we do the PBR, we have AnyConnect VPN users coming from the old ISP ASA (10.1.1.2), but when they want to access any server that belongs to a network other than wireless (10.1.100.0), how can they access it, as we are only routing wireless traffic to the old ASA?
Your help will be much appreciated.
It will be better if you just give me a sample config for PBR.