01-30-2012 01:32 PM - edited 03-04-2019 03:04 PM
Hello,
We are looking to bring Comcast as our second ISP: ISP2
Our current provider provided their own Managed Internet Router.
With Comcast, we had to supply our own Internet Router.
Comcast with supply us with an a.b.c.d/30 range to connected to their WAN Router.
Also, Comcast with provide us with an w.x.y.z/28 range for Public hosts.
We currently have a connection from the ASA5520 outside interface to the ISP1 Managed Internet Router.
How do I configure the requested ISP2 internet router?
Any help is really apreciated.
01-30-2012 01:50 PM
Hello,
If you have ports you can connect the ASA5520 port to the ISP2, but only and I mean only if you use IGP protocol (e.g. OSPF) or static routing.
1st thing to clarify, what routing protocol do you want to run between you and ISP2?
Please reply and then we'll see how we can help!
Calin
01-31-2012 05:56 AM
Thanks for your response, but I am still confused about your answer.
Currently ISP1 Managed Router is connected to FW.
Now the difference with ISP2 is that, we have to provide our own Interent Router, then connect to FW.
No running protocols in the FW.
So, the questions is, how do I configure the requested ISP2 internet router? ISP2 provide us with a /30 range for a Point t Point connection to their WAN router, then we have to request another range for our Public IP addresses.
01-31-2012 06:02 AM
If you have no dynamic routing, then you acquire a router with at leat 2 Ethernet interfaces.
One interface will be connected to the WAN router (your provider router) and will use one IP from the /30 provided. This has to be discussed with the provider what they will use and what you will use not to overlap.
The second interface will be connected to your ASA. For L3 connection, depending on your actual configuration, you may take one /30 from the /28 provided to you and establish the connection between ASA and your router.
Another solution is not to split the /28 and just used it like this with 1 IP on the router, 1 IP on the ASA and the rest of the IP addresses from the /28 to NAT your private range.
HTH,
Calin
01-31-2012 11:11 AM
What are you trying to accomplish? Do you want failover, do you want to use both links at the same time? Do you want some load sharing. Each scenerio brings a different way to set this up?
You can do this with static routes and send half the organization out one connection via PBR or use HSRP for failover, or create 2 groups for another way.
The requirement is needed before a suggestion can be given. Also knowing what you have in the environment will help, is everything static now, eigrp, ospf, rip, etc...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide