Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
552
Views
0
Helpful
2
Replies

Adding second ISP to my LAN, but in different building?

Go to solution
abrrymnvette
Level 1
Level 1

‎09-21-2012 11:20 AM - edited ‎03-07-2019 09:01 AM

I need to add a second ISP as a backup ISP. The second ISP was installed and is active. This was done before I started working here. I'm not sure on how to make this second ISP useable though. Here's my scenario

ISP 1  --> ASA 5510 --> Catalyst 3750  ----trunk---- Catalyst 3750--- trunk ---- Catalyst 3560 ------  ISP 2

How can I get ISP all the way back up to the ASA? Put the port that ISP 2 is plugged into on it's own VLAN? Say VLAN50 and then allow VLAN 50 on the trunks?                   

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎09-21-2012 12:49 PM

Hello Abrrymnvette,

>> How can I get ISP all the way back up to the ASA? Put the port that ISP 2 is plugged into on it's own VLAN? Say VLAN50 and then allow VLAN 50 on the trunks?  

Yes, if you haven't a free interface on the ASA 5510 that woud be better from a security point of view.

IF you go this way you need :

to create vlan 50 on all involved catalyst switches

to allow vlan 50 in all trunk links

to make the ASA - C3750  a trunk link allowing at least  two vlans vlan 50 and the inside Vlan

to configure vlan based subinterfaces on the ASA

DO NOT configure an SVI in vlan 50 in any of your switches or the ASA can be bypassed.

Hope to help

Giuseppe

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎09-21-2012 12:49 PM

Hello Abrrymnvette,

>> How can I get ISP all the way back up to the ASA? Put the port that ISP 2 is plugged into on it's own VLAN? Say VLAN50 and then allow VLAN 50 on the trunks?  

Yes, if you haven't a free interface on the ASA 5510 that woud be better from a security point of view.

IF you go this way you need :

to create vlan 50 on all involved catalyst switches

to allow vlan 50 in all trunk links

to make the ASA - C3750  a trunk link allowing at least  two vlans vlan 50 and the inside Vlan

to configure vlan based subinterfaces on the ASA

DO NOT configure an SVI in vlan 50 in any of your switches or the ASA can be bypassed.

Hope to help

Giuseppe

0 Helpful

Go to solution
abrrymnvette
Level 1
Level 1
In response to Giuseppe Larosa

‎09-24-2012 07:15 AM

Thanks, that's exactly what I was thinking. Just needed confirmation from someone. Much appreciated!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card