cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Adding second ISP to my LAN, but in different building?

abrrymnvette
Beginner
Beginner

I need to add a second ISP as a backup ISP. The second ISP was installed and is active. This was done before I started working here. I'm not sure on how to make this second ISP useable though. Here's my scenario

ISP 1  --> ASA 5510 --> Catalyst 3750  ----trunk---- Catalyst 3750--- trunk ---- Catalyst 3560 ------  ISP 2

How can I get ISP all the way back up to the ASA? Put the port that ISP 2 is plugged into on it's own VLAN? Say VLAN50 and then allow VLAN 50 on the trunks?                   

1 ACCEPTED SOLUTION

Accepted Solutions

Giuseppe Larosa
Hall of Fame Master Hall of Fame Master
Hall of Fame Master

Hello Abrrymnvette,

>> How can I get ISP all the way back up to the ASA? Put the port that ISP 2 is plugged into on it's own VLAN? Say VLAN50 and then allow VLAN 50 on the trunks?  

Yes, if you haven't a free interface on the ASA 5510 that woud be better from a security point of view.

IF you go this way you need :

to create vlan 50 on all involved catalyst switches

to allow vlan 50 in all trunk links

to make the ASA - C3750  a trunk link allowing at least  two vlans vlan 50 and the inside Vlan

to configure vlan based subinterfaces on the ASA

DO NOT configure an SVI in vlan 50 in any of your switches or the ASA can be bypassed.

Hope to help

Giuseppe

View solution in original post

2 REPLIES 2

Giuseppe Larosa
Hall of Fame Master Hall of Fame Master
Hall of Fame Master

Hello Abrrymnvette,

>> How can I get ISP all the way back up to the ASA? Put the port that ISP 2 is plugged into on it's own VLAN? Say VLAN50 and then allow VLAN 50 on the trunks?  

Yes, if you haven't a free interface on the ASA 5510 that woud be better from a security point of view.

IF you go this way you need :

to create vlan 50 on all involved catalyst switches

to allow vlan 50 in all trunk links

to make the ASA - C3750  a trunk link allowing at least  two vlans vlan 50 and the inside Vlan

to configure vlan based subinterfaces on the ASA

DO NOT configure an SVI in vlan 50 in any of your switches or the ASA can be bypassed.

Hope to help

Giuseppe

Thanks, that's exactly what I was thinking. Just needed confirmation from someone. Much appreciated!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: