How to connect 5 ISP connections to Cisco ASA A/S Pair w/ Security Plus
Problem Details: Hi -
I have a pair of Cisco ASA 5510s with Security Plus Licensing set up in Active/Standby
mode. I also have the AIP SSM device in each ASA.
At the main office there are 5 ISP connections. But only one of them goes through the ASA
pair. Between the two firewalls and the ISP I have a switch. The switch has the ISP
connection plugged in, then a wire going to each of the ASAs.
The other ISP connections go through their individual routers, then connect to our network
bypassing the Cisco ASAs.
They are used as follows.
ISP 1 - Internet (150Mb/s down, 35Mb/s up)
ISP 2 - SAN Replication (35Mb/s down, 35Mb/s up)
ISP 3 - AnyConnect VPN for remote staff (50Mb/s down, 10Mb/s up)
ISP 4 - Multiple bonded MPLS T1s for branch access (Terminal services and IP phones)
ISP 5 - 4G Internet (25Mb/s Up, 25Mb/s Down) (Not currently used)
My goal is to have all 5 ISP connections ultimately run through the ASA Pair. I added a crude picture of the desired setup. Sorry, I'm not at my PC so had to use MS Paint.
Is this a wise idea?
What hardware below do you recommend to make the following happen? I have spare 2811 Routers.
From what I understand I need to do PBR (Policy Based Routing), but have no idea what
hardware I would need.
1) Have each ISP connection failover to the ISP of my choosing. For example, I want ISP
1 to failover to ISP 2, and if ISP 3 is down then have it failover to ISP 5.
2) Have a Failover ISP link be active while waiting for a failover to happen. For example,
ISP 2 be active for SAN replication while it is waiting for ISP 1 to fail and if ISP 1
fails I don't want it to interrupt the current activity on ISP 2.
3) I want my AnyConnect VPN to failover between ISP 3 and ISP 5.