
Re: Dual ISPs on single cisco router attached to asa firewall outside and then core switch inside

Francesco Molino
VIP Alumni

Hi

 

1. To have dual ISP, 1 as active and 1 as standby, you’ll need to use IP SLA with static route tracking.

To give you an example, let’s assume the IP of the ISP1 router is 192.168.1.1 and it is connected to your router on interface f1/0, and the IP of ISP2 is 192.168.5.1 and it is connected to your router on interface f1/1. The config will look like:

 

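! Probe the ISP1 next hop from the ISP1-facing interface every 3 seconds
ip sla 10
   icmp-echo 192.168.1.1 source-interface FastEthernet1/0
   threshold 2
   frequency 3
ip sla schedule 10 life forever start-time now
! Track object that follows the result of probe 10
track 10 ip sla 10 reachability
! Primary default route, installed only while track 10 is up
ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 10
! Floating backup default route via ISP2 (administrative distance 10)
ip route 0.0.0.0 0.0.0.0 192.168.5.1 10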

 

2. What do you mean by how to connect? You’ll need to have an interco subnet and on ASA you’ll have a default route going to the IP on your router within this same subnet.

 

3. Same way as previous point with an interco subnet. On your switch you’ll have a default route going to ASA inside interface.

 

4. You’ll need to configure the port on which the switch is attached as trunk with the specific vlan like:

interface gx/x
   switchport mode trunk
   switchport trunk allowed vlan 2

 

Hope that answers your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Ahsan Munir
Level 1

Hey Francesco, special thanks for your concern, and sorry for my late reply.

 

1. Do I have to configure NAT on the ASA firewall for internet access, or do I just need to add a default route?

2. Is there any configuration I have to apply on the inside interface of the ASA so that the ASA accepts traffic from the core switch?

 

 

 

Hi

You can have NAT done on the ASA, but you'll need to configure the routing correctly as your router is between the internet and your firewall, or you can have NAT handled by your router, which will be much easier.

By default, if you don't configure any ACL, there's a default rule allowing communication from inside to outside. However, I'd recommend creating an ACL to filter what traffic is allowed to go from inside to outside.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
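
An added example, not part of the original thread: one way to write the inside-to-outside ACL recommended in the reply above, on the ASA. The inside range 10.10.0.0/16, the resolver addresses, the object-group names and the ACL name INSIDE_OUT are all assumptions chosen for illustration.

```cisco
! Constructed addressing (assumption): inside LAN 10.10.0.0/16,
! approved DNS resolvers 192.0.2.53 and 192.0.2.54
object-group network INSIDE_NETS
 network-object 10.10.0.0 255.255.0.0
object-group network DNS_RESOLVERS
 network-object host 192.0.2.53
 network-object host 192.0.2.54
!
! DNS only to the approved resolvers
access-list INSIDE_OUT remark DNS to approved resolvers only
access-list INSIDE_OUT extended permit udp object-group INSIDE_NETS object-group DNS_RESOLVERS eq domain
access-list INSIDE_OUT extended permit tcp object-group INSIDE_NETS object-group DNS_RESOLVERS eq domain
!
! Web traffic from the inside range to any destination
access-list INSIDE_OUT remark Outbound web
access-list INSIDE_OUT extended permit tcp object-group INSIDE_NETS any eq www
access-list INSIDE_OUT extended permit tcp object-group INSIDE_NETS any eq https
!
! Explicit final deny so that dropped flows are logged
access-list INSIDE_OUT remark Deny and log everything else
access-list INSIDE_OUT extended deny ip any any log
!
! Once an ACL is bound inbound on the inside interface, it replaces the
! default inside-to-outside permit: only the entries above are allowed
access-group INSIDE_OUT in interface inside
```

`show access-list INSIDE_OUT` displays per-entry hit counts, which helps confirm which rules are matching before tightening the list further.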

Thanks Francesco,

It's not a proper solution to my question, but it helps me a lot, thank you.

What do you mean it's not a proper solution? What did you expect?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question