Cisco ASA 5510 backup ADSL internet link how to

Hi everyone,

I've got an ASA 5510 with two internet links.

One is the primary link delivered as a Cat5 Ethernet hand-off from the internet provider.

The other is a backup ADSL link provided by the same internet provider.

I'm trying to configure the ASA so that if the primary Ethernet internet link goes down, the backup ADSL link is dialed up and used, and when the primary Ethernet link is restored, the backup link is disconnected and routing goes back through the primary link.

I've been looking into this for quite some time and trying different things, but I'm still unsure of the best way to do this because I'm fairly unfamiliar with using the PPPoE client on the ASA, and I'm still fairly amateur at configuring redundant links, so I'm hoping someone can help me.

To give you some background on the setup:

I've got two ASA 5510s running ASA software 8.2(2) 12 in an active/standby failover configuration, and that works fine.

Primary internet link is a 4meg/4meg Ethernet hand-off with static IP subnets.

The two ASAs' outside interfaces and the Ethernet link from the ISP connect in to a small switch.

Secondary link is ADSL2+, which adopts the same static IPs from the primary link when the PPPoE session is established, which means when the PPPoE session comes up, traffic is no longer routed to the primary link.

The ADSL is delivered to the ASA via a DSL modem in bridge mode.

The two ASAs' backup interfaces are connected to the DSL modem's Ethernet ports.

Even though both internet links have the same IP subnets assigned, they would have different next hops (I haven't had a chance to check this, but logically it would be true).

This site acts as the IPsec hub to various branch sites.

This site also has remote access IPsec for support staff.

This site hosts internet services like email and web.

My first challenge appears to be configuring the ASA to know when the primary link is down. Since it's an Ethernet link, the ASA won't know anything is wrong unless the cable is physically cut or disconnected.

I know I can use sla monitor to ping test the ISP end of the link to determine if it's up or down.

The next challenge is getting the ASA to start the PPPoE session for the ADSL only when the primary link is determined to be down, and to disconnect the PPPoE session when the primary link is determined to be up.

Since bringing up the ADSL connection stops all traffic being routed to the primary internet link, I don't want to bring up the ADSL connection until the primary link is deemed to be down, otherwise all traffic will be unnecessarily routed through the slower ADSL link.

And then lastly I need to make sure the access lists and static NATs still work after the primary link goes down and the backup link comes up - e.g. can people still hit the website, can mail still be delivered, or will I need to create another set of access lists and static NATs to work with the backup link.

Any help or advice greatly appreciated.