Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
380
Views
0
Helpful
2
Replies

Second WAN link

Steve Coady
Level 1
Level 1

‎01-08-2015 09:00 AM - edited ‎03-05-2019 12:31 AM

Hello

 

I have a new WAN link, a second WAN link (Site_2), that I want to bring up.

 

The Primary WAN (Site_1) link has an ASA that dynamically distributes the default gateway using the following config on the ASA inside interface.

interface GigabitEthernet0/0
 nameif Inside
 security-level 100
 ip address 10.0.1.253 255.255.255.240 standby 10.0.1.254
 summary-address eigrp (#) 0.0.0.0 0.0.0.0 200

 

The Primary ASA connects thru a 3750 switch and then to the CORE devices at Site_1

 

 

The Secondary WAN (Site_2) link has the following config on the ASA inside interface. NO dynamic dist of DG

interface GigabitEthernet0/0
 nameif Inside
 security-level 100
 ip address 10.1.1.253 255.255.255.240 standby 10.1.1.254

 

The Secondary ASA connects directly to the CORE devices at Site_2.

 

My Goal is to bring up the connection to the Secondary ASA at the CORE and then test.

I have already verified I can VPN into the Secondary ASA. I now want to move about the Inside network.

 

What precautions do I need to take to not adversely affect the Production network?

What specific test should I perform from various places across the network to vett out this new WAN link?

 

 

 

 

sMc
Labels:
Preview file
780 KB
0 Helpful
2 Replies 2

ghostinthenet
Level 7
Level 7

‎01-09-2015 07:35 AM

As long as the ASA is distributing the default route via EIGRP, you should be fine as long as you don't override it. For testing throughout the LAN, you can select a specific destination network that is unlikely to be used by the production network and have that specific network advertised via EIGRP from the secondary connection's ASA. Any traffic that is not destined for your test network will still be caught by the primary ASA's default route.

0 Helpful

paul driver
VIP
VIP
In response to ghostinthenet

‎01-11-2015 03:44 AM

Hello

you dont say how the two cores are conected and how core 2 is receiving routing 

I am assuming it dynamically over eigrp from site one over the physical interconnect showing in ypur topology? And given these two sites look like they are already connected how come you cannot access site 2 via site1 over this link?

Also you dont say if core 2 inside interface is to be advertised in eigrp?

lastly you are showing the same physical ip address at each site ( i guess this is a typo?)

Now when you bring core 2 inside interface up at present its Again im assming the only default route as far as i can see from this information is coming over from core 1 so you should be okay.

res

Paul

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card