BPR with router and firewall

Fuad.sabacard · ‎10-21-2012

Hello,

In my company, we have two Internet connections, one for VPN and the other for emails and browsing. I have Cisco 1841 router with dual ADSL links, and also it's conntected to ASA and the other PIX. through one physical interface (vlan 1and vlan 2). The PIX firewall is connected to users, and the ASA is for VPN only.How can I seperate the traffic is going for emails and browsing and the vpn traffic. I have got to the point, that the router is configured for both ADSL connections, and I also configured the access-list and route-map in the router, the thing is when both ADSL configured together none of them works.Any ideas what am doing wrong

Fuad Bazarah

Karsten Iwen · ‎10-21-2012

When looking at your devices, It seems like the buying-decisions were made completele independent without thinking about how they would work together. All in all for me it seems that it's all more complicated then needed.

I would change the complete setup the following way:

Remove the PIX, connect the ASAs outside interface to the static ADSL and the ASAs inside interface to the 1841. The 1841 is the DG for the users and has two statics routes. The default route to the dynamic ADSL and the VPN-pool to the ASA On the router you should activate the IOS-firewall for the connection to the internet (you need a security-license for that).

Another scenario is to remove the PIX and router completely. At least with the AnyConnect-Client you can use both ADSLs independently the way you want.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni