I need to add a second ISP as a backup ISP. The second ISP was installed and is active. This was done before I started working here. I'm not sure on how to make this second ISP useable though. Here's my scenario
ISP 1 --> ASA 5510 --> Catalyst 3750 ----trunk---- Catalyst 3750--- trunk ---- Catalyst 3560 ------ ISP 2
How can I get ISP all the way back up to the ASA? Put the port that ISP 2 is plugged into on it's own VLAN? Say VLAN50 and then allow VLAN 50 on the trunks?
Go to Solution.
>> How can I get ISP all the way back up to the ASA? Put the port that ISP 2 is plugged into on it's own VLAN? Say VLAN50 and then allow VLAN 50 on the trunks?
Yes, if you haven't a free interface on the ASA 5510 that woud be better from a security point of view.
IF you go this way you need :
to create vlan 50 on all involved catalyst switches
to allow vlan 50 in all trunk links
to make the ASA - C3750 a trunk link allowing at least two vlans vlan 50 and the inside Vlan
to configure vlan based subinterfaces on the ASA
DO NOT configure an SVI in vlan 50 in any of your switches or the ASA can be bypassed.
Hope to help
View solution in original post
Thanks, that's exactly what I was thinking. Just needed confirmation from someone. Much appreciated!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: