Beginner

Two Internet Connections before Firewall and VLANs

Dear Experts,

I have an issue with my scenario and am unable to understand what really needs to be done.

I have installed a Cisco ASA 5520 connected to the Cisco DIA router. All ACLs, inside/outside and global NATing are on the ASA.

I created 3 VLANs: VLAN1, VLAN10, VLAN20. All VLANs go to the DIA internet connection.

On VLAN1 all servers are connected, while VLAN10 and VLAN20 are for users; they browse and access VLAN1/servers.

But now I have added a new DSL connection. I want the VLAN10 and VLAN20 people to talk to the DSL internet connection, not the DIA internet.

Kindly help me with how this can be done. The WAN switch that is connected is a Cisco 3750.

I want the VLAN10 and VLAN20 people to talk with VLAN1 and use DSL for internet, not DIA, while VLAN1 talks to the DIA internet.

Regards,

7 Replies
Beginner

Hi,

As far as I am aware, the ASA 5520 cannot handle PBR, and because it does NAT you have no way of knowing who is who unless you have one NAT group for VLAN10 and VLAN20 and one NAT group for VLAN1. If that is the case, you could implement PBR on the multilayer switch (this depends on the image; you need the IP Services feature set for that), and then you could decide that VLAN10 and 20 go over DSL and VLAN1 goes over DIA.

Beginner

Thanks Borgenstrand for the reply. You are correct; actually I am using the same as you mention, so I think I should go for PBR. Could you please clarify the NATing and PBR for me and let me know about the PBR config?

Rising star

Hi Imran,

The requirement of segregating traffic based on source or destination IP addresses can be achieved using PBR.

ASA 5500-X running 9.4.1 and above supports PBR. The ASA 5520 does not have support for PBR, as the newer image requires newer hardware.

Hope it helps.

RS

Rate if it helps.

Beginner

Thanks Rishbah,

Could you please help me with it if I perform PBR on the Cisco switch?

Because I have a C3750X switch with PBR between the ASA and the router.

Rising star

Hi Imran,

If you are using the firewall for address translation, then you need a mechanism to identify traffic on the switch to perform PBR based on the translated address.

If there is one translated IP for all internal VLANs, then you will not be able to differentiate the traffic on the switch.

You can plan your network in such a way that you have different IP addresses for different VLANs and then decide the egress ISP based on your network.

Thanks 

RS
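
A worked configuration for the approach the two replies above describe (one translated address per VLAN group on the ASA, then PBR on the 3750X keyed on those translated sources). This is an added example, not configuration posted in the thread. It assumes ASA 8.2 nat/global syntax, the interface names, VLAN IDs and documentation-range addresses shown here, that the ASA's default route points at a transit SVI on the 3750X rather than directly at the DIA router (otherwise the switch is not a routing hop and cannot apply PBR), and that the DSL router is configured separately to route and NAT the user-VLAN global address.

```cisco
! ===== ASA 5520, 8.2 syntax (interface names and addresses are assumptions) =====
! Sub-interfaces terminating the three VLANs
interface GigabitEthernet0/1.1
 vlan 1
 nameif servers
 security-level 100
 ip address 192.168.1.1 255.255.255.0
interface GigabitEthernet0/1.10
 vlan 10
 nameif users10
 security-level 50
 ip address 192.168.10.1 255.255.255.0
interface GigabitEthernet0/1.20
 vlan 20
 nameif users20
 security-level 50
 ip address 192.168.20.1 255.255.255.0
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.0
!
! Default route to the 3750X transit SVI, not straight to the DIA router,
! so the switch is a layer-3 hop that can apply PBR to this traffic
route outside 0.0.0.0 0.0.0.0 198.51.100.1
!
! Two NAT groups with different global addresses (assumed pool 203.0.113.16/28):
! NAT ID 1 = servers, NAT ID 2 = both user VLANs. The switch only ever sees
! these translated sources, which is what lets it tell the groups apart.
nat (servers) 1 192.168.1.0 255.255.255.0
global (outside) 1 203.0.113.18
nat (users10) 2 192.168.10.0 255.255.255.0
nat (users20) 2 192.168.20.0 255.255.255.0
global (outside) 2 203.0.113.20
! No global for ID 2 exists on the servers interface, so with nat-control
! disabled (the 8.2 default) users10/users20 -> servers is not translated.

! ===== Catalyst 3750-X, IP Services image (addresses are assumptions) =====
! PBR on this platform needs the routing SDM template (takes effect after reload)
sdm prefer routing
ip routing
!
interface Vlan100
 description Transit to ASA outside
 ip address 198.51.100.1 255.255.255.0
 ip policy route-map STEER-USERS-TO-DSL
!
interface GigabitEthernet1/0/1
 description To DIA router (203.0.113.0/30 link)
 no switchport
 ip address 203.0.113.2 255.255.255.252
!
interface GigabitEthernet1/0/2
 description To DSL router LAN side
 no switchport
 ip address 192.168.254.2 255.255.255.0
!
! Normal routing sends everything to DIA; the ASA's global pool is reached via the ASA
ip route 0.0.0.0 0.0.0.0 203.0.113.1
ip route 203.0.113.16 255.255.255.240 198.51.100.2
!
! Match only the user-VLAN translated address. Server traffic (203.0.113.18)
! does not match and falls through to the default route toward DIA.
ip access-list extended USER-VLAN-NAT-SRC
 permit ip host 203.0.113.20 any
!
route-map STEER-USERS-TO-DSL permit 10
 match ip address USER-VLAN-NAT-SRC
 set ip next-hop 192.168.254.1
! The DSL router (not shown) must route 203.0.113.20 back toward 192.168.254.2
! and NAT that source to its own DSL public address, since an address from the
! DIA block is not routable through the DSL ISP.
```

To confirm the split is working, `show xlate` on the ASA should show VLAN1 hosts translated to 203.0.113.18 and VLAN10/20 hosts to 203.0.113.20, and `show route-map STEER-USERS-TO-DSL` on the switch should show the policy-matched packet counter climbing only for user-VLAN browsing. Two caveats a practitioner should plan for: if the DSL next-hop goes down, traffic matching the route-map is black-holed rather than failing back to DIA unless the image supports next-hop availability tracking (`set ip next-hop verify-availability` with IP SLA); and the PBR ACL keys purely on the translated source address, so any change to the ASA NAT pools must be mirrored in the switch ACL or user traffic silently reverts to DIA.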

VIP Advisor

Optionally, you could configure the ASA in multiple context mode and then have one context go to DIA and the other go to the DSL connection. But this would require a complete redesign of your network and might not be worth it.

--

Please remember to select a correct answer and rate helpful posts
Beginner

Hi Marius,

Thanks for the reply. Actually I am using the ASA (5520/version 8.2) in routed mode because I have VPN, sub-interfaces and VLANs,