Advice on dual ISP routes, PBR, ASA... All the good stuff
I'm sure there are many threads on how to configure dual ISPs with Policy Based Routing & the issues involved with using a single ASA in this environment. But this won't be one of those threads. The network I'm about to discuss actually works just fine & we are happy with the performance. What I am after is some advice or feedback on the way I have it currently configured.

If you look at the attached picture, the network started out as simple as the SG300-28P (in L2 mode) looking after a handful of hosts, a few security cameras & a single ESXi server with the 1941 with an ADSL2+ connection. Since I took over it's grown to represent the attached diagram. I now have the SG300 in L3 mode & it is looking after the VLAN routing. It will soon be replaced with something not from the 'Small Business' product range.

One group of users on a particular VLAN (VLAN 80) are very multimedia intensive & were consuming all the bandwidth of the ADSL connection, so we added a cable connection as well; this introduced me to PBR, which works great on the 1941. At the same time a few users required secured remote connections. So I got the ASA 5510 with the AnyConnect license & installed it, which is all up & running. Due to the SSL VPNs coming in from the public IP of the cable connection, I terminated the cable modem directly to the ASA. This is the bulk of the company's internet traffic, with only that one particular VLAN using the ADSL connection due to the unlimited download contract we have with the ISP (ISP1).
I've since added an IOS ZBF (thanks to Keith Barker's videos for the assistance) to do stateful filtering of the ADSL traffic on int Dialer1 from VLAN 80's subnet. I'm wondering now if I should have terminated both Internet connections to the 1941 (via a switch & dot1q trunk) & put the ASA downstream to handle ALL the traffic? Obviously ISP2 will still be the default gateway & PBR will push traffic from VLAN 80 out the Dialer1 interface to ISP1 for VLAN 80. I'm curious as to what static NAT rules I would need to add in order for the SSL VPN to continue through the 1941 & terminate to the ASA? I'm genuinely curious as to what everyone thinks of the current network & if I should change it?