Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
620
Views
5
Helpful
3
Replies

how to configure One ISP link to Two ASA's.

srikanth ath
Level 4
Level 4

‎06-10-2012 10:07 AM - edited ‎03-07-2019 07:10 AM

Hi

I have a datacentre where we has only one ISP link which  is already terminated to cisco PIX with configured VPN's to clients.recently we bought a new cisco asa security +  to set up a new VPN's for different data centres. we are looking to use both the firewalls the only problem is we have only 1 ISP link.

please help me on how can i use the one ISP link to different firewalls.

ISPdetails:

WAN pool: 14.140.0.X/30

Lan Pool:    14.180.0.Y/28

wan pool is configured to cisco pix , can i use the Lan pool of ISP as an outside IP address for the new Cisco ASA(remebering i need to configure L2L ipsec VPN's where the Ip is ideally would be the Peer IP for the other datacentres).

or please suggest meon how to configure this ISP links to two firewalls.

ISPlink

  "

  "

Cisco Pix(14.140.0.X/30)     +    ASA

Labels:
0 Helpful
3 Replies 3

nkarthikeyan
Level 7
Level 7

‎06-10-2012 10:38 AM

You can have your internet link suspended to the router and down to that you can connected to firewalls..... you can define the static route to make such adjust ments....

2 scenarios

WAN router --- Rtr---Firewalls

WAN rtr -->rtr -->L2 SW-->ASA 1 & ASA 2

in router you need to define the static routes for ASA's destination ip's... so that if a traffic comes for public ip defined in ASA1 it should forward to ASA1 and similarly for ASA2.

0 Helpful

srikanth ath
Level 4
Level 4
In response to nkarthikeyan

‎06-10-2012 10:45 AM

Hi karthikeyan,

we donot have a router but  have L3 switch . can you please explain me how to configure this on L3 switch.

should i use VLANs in the switch say Vlan 10 of wan router and the same VLan to be asigned for two ASA's. if vlans work in my scenario should i have to creat SVI vlan with IP address or just need to assign ports with vlan 10.and that should work.

Thanks,

srikanth

0 Helpful

nkarthikeyan
Level 7
Level 7
In response to srikanth ath

‎06-11-2012 01:08 AM

Suspend your Internet link in L3 switch... and connect your firewalls also in the l3 switch with routed interface

Say WAn router --14.140.0.1/30 & Your L3 switch ina routed interface assign 14.140.0.2/30

You need to have a default route in l3 switch - ip route 0.0.0.0 0.0.0.0 14.140.0.1(WAN router)

Break the subnets as per the requirement. 1st step am breaking 2 /30 subnets

1st firewall: 14.180.0.0/30

14.180.0.1 - L3 switch routed interface

14.180.0.2 - ASA firewall outside interface

Default route -> route ouside 0.0.0.0 0.0.0.0 14.180.0.1(l3 sw ip)

2nd firewall:14.180.0.4/30

14.180.0.5 - L3 switch routed interface

14.180.0.6 - ASA firewall outside interface

Default route -> route ouside 0.0.0.0 0.0.0.0 14.180.0.5(l3 sw ip)

You can use the remaining IP's in that range for PAT as per your requirement. But you need to point out the static route whichever is used for the respective firewalls.

say if you use 14.180.0.10 for 1st firewall. then you may need to have the static route in l3 switch for the same pointing to the respective firewall.

ip route 14.180.0.10 255.255.255.255 14.180.0.2

<---------- PAT IP -------------------------->

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card