cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
779
Views
0
Helpful
2
Replies

Dual ISP setup with ASA 5512X With baselicense

abinmad123
Beginner
Beginner

Hi,

 

Attach is the design for reference

we have 4 mb internet link which is connected to the 2911 router--switch--asa5512x--4507 switch--WSA

now we got new internet 10 mb link which is connected to another same set of devices for we want wireless users should go through 4mb link and all other lan (vlans) should go through new 10 mb link incase of link failure it should go through another link 

but we have base license with our ASA's so cant do active/standby or active/active failover here.

 

please help me how can we implement this ?

 

Regards

 

 

 

2 Replies 2

Karsten Iwen
VIP Mentor VIP Mentor
VIP Mentor

The easiest would be to upgrade both ASAs to Security-Plus, run A/S failover and implement Policy-based Routing on the ASA.

Without that you could:

  1. Use IP SLA on the ASA to track the reachability of the internet-connection
  2. Run a routing-protocol to the 4507 to announce a default-route
  3. On the 4507, use policy-based routing to distribute the traffic to the two ASAs while both default-routes are present. When only one default-route is present, use only that.

Option one is less complex and is probably easier to implement.

Thanks Karsten

however i have implemented new asa firewall and internet link

i put both asa in same network and same vlan and configured default route from 4507 switch to new asa 

then i checked it still it is going through old asa(10.1.1.2) when i removed route to old asa then it is going from new asa(10.1.1.3)

anyway still i want to implement PBR on 4507 switch to route 10.1.100.0 traffic to 10.1.1.12 asa and all other lan traffic to 10.1.1.3 new asa 

another issue is we have if we do the PBR then we have anyconnect vpn users coming form old isp ASA(10.1.1.2) but when they want acces any server which belongs other than wireless (10.1.100.0) so how can they access it ? as we are only routing wireless traffic to old asa ?

 

your help will be much appreciated.

it wil be better if you just give me sample config for pbr 

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: