06-21-2009 10:07 AM - edited 03-04-2019 05:11 AM
I need to route based on the policy rules. ASA doesnt seem to do that, I want the business traffic on one WAN and the Internet and VOIP on the 2nd WAN. I was thinking the 1811 will do this. I already have an ASA working but cant route. Any suggestions?
06-21-2009 10:53 AM
Get the router.
When configured properly, you will find that you don't even need the asa anymore.
06-21-2009 10:59 AM
Mark,
ASA can't do that.
You can use cisco 1811 router to do that. Just create ACLs to classify traffic you want to redirect to each WAN link. If they are internet links please pay special attention to NAT.
HTH,
Toshi
06-21-2009 12:23 PM
I knew ASA couldnt do this, is the 1811 the right model? Sounds like it has the 2 WANS. Why wouldnt I need the ASA any more?
06-21-2009 12:39 PM
Mark,
You still need ASA for doing firewall jobs. Cisco 1811 router supports PBR. However it depends on how much traffic you are going to send them out of 2 Wan links. PBR is done on the process switch. You may check by using a "sh process cpu history" command when running this feature on. I used to configure Cisco 1721 router(2 internet links) for my customer with this features. It's fine. Like I mentioned, It depends. (grin)
HTH,
Toshi
06-21-2009 12:40 PM
Thank you very much for your help. I hate ordering the wrong stuff! :)
06-21-2009 12:53 PM
Mark,
I'm not sure that why you choose Cisco 1811 router. In case you want to add any WIC/HWIC for Wan interfaces. You may think about Cisco 1841 router. It has 2 WAN slots for you guys. (grin)
Edit: You need IOS feature set, IP services or higer for doing PBR on Cisco 1811 router(If you want to).
Note: I'm sleepy head now(4 Am). You may check things yourself. http://www.cisco.com/go/fn
HTH,
Toshi
06-21-2009 01:01 PM
I went to the comparison on the 1800 series and the 1811 was the 1st one that had 2 WANS. Why would the 1841 be better?
06-22-2009 01:58 AM
becase the router does a very good firewall also.
06-21-2009 06:26 PM
Thank you very much for your help. I hate ordering the wrong stuff!
That's what e-bay is for. He he he ...
06-22-2009 03:47 AM
BTW, how were you planning to control return traffic to WAN link?
Unless you control both directions with QoS, VoIP with any other traffic might degrade VoIP.
If you can provide QoS in both directions, unclear the advantage of placing traffic on dedicated links with PBR. Also, with PBR, gets a bit more complex assuming you want both links to "backstop" each other.
06-22-2009 04:48 AM
We have one internet connect we use for VPN to our other locations. Some of the locations are running RDP with the servers here.
The 2nd connection is supposed to be for the internet for the local office (here) just for uploading and downloading etc.
That is what started all of this. So I am hoping to route the http and ftp traffic on the one line, and the rest of it on the other line.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide