Beginner

ISA 570 WAN2 as VPN Tunnel Only

So I have two ISPs here in my location. WAN1 is the primary use for everything. WAN2 is to be used ONLY for VPN tunnels.

Any guides, documents, articles, and help are appreciated.

In the next phase, I want only select computers to use the WAN2 Internet. I guess this has something to do with VLANs?

Contributor

You will want to use Policy Based Routing (PBR).  See page 153 of the link below for assistance on configuring PBR.  If you run into any challenges, let me know.  I'd be happy to assist.

http://www.cisco.com/en/US/docs/security/small_business_security/isa500/administration/guide/ISA500_AG_OL-23370.pdf

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
Contributor

You can also use PBR on your next phase. You won't have to use VLANs if you group your desired systems accordingly in combination with PBR. VLANs should only be required when you want to segregate devices from each other to prevent them from directly accessing each other without traversing the firewall first, or if you need to separate traffic like voice and video from regular data.

Shawn Eftink CCNA/CCDA
Beginner

You can also use PBR on your next phase. You won't have to use VLANs if you group your desired systems accordingly in combination with PBR.

=========================================================

I need clarification on your above statement. The next phase I stated involves a different network from DEFAULT_NETWORK.

DEFAULT_NETWORK

192.168.100.0 /255.255.255.0

PHASE2_NETWORK

172.16.0.0 /255.255.255.0

So this means I am leaning towards VLAN here?

I tried implementing the guide document you sent. All PCs on the DEFAULT_NETWORK had no internet to outside. They are set to a static IP. When I told them to switch to DHCP, they had access. Why is this?

I will post a desired design of my network here and see if it is feasible. To follow.

Contributor

Re: ISA 570 WAN2 as VPN Tunnel Only

I didn't realize you were desiring 2 different networks. I was under the impression you just wanted to route some systems one way and some another with a justifiable reason to do so. If two separate networks is the design, then yes, VLANs are what you'll use.
On the Static versus DHCP question, there are a number of reasons it may not have worked in Static. The main question I have is whether there is a need for static IPs. If you're getting the desired result from DHCP, I'd stick with DHCP. Odds are you'll be happier with it in the long run anyway.

Please feel free to post your desired design. I'd be happy to look it over and discuss.

Shawn Eftink CCNA/CCDA