How to connect 5 ISP connections to Cisco ASA A/S Pair w/ Security Plus
Problem Details: Hi -
I have a pair of Cisco ASA 5510's with Security Plus Licensing setup in Active/Standby
mode. I also have the AIP SSM device in each ASA.
At the main office there are 5 ISP connections. But only one of them goes through the ASA
pair. Between the two firewalls and the ISP I have a switch. The switch has the ISP
connection plugged in, then a wire going to each of the ASA's.
The other ISP connections go through their individual routers, then connect to our network
bypassing the Cisco ASA's.
They are used as follows.
ISP 1 - Internet (150Mb/s down, 35Mb/s up)
ISP 2 - SAN Replication (35Mb/s down, 35Mb/s up)
ISP 3 - AnyConnect VPN for remote staff (50Mb/s down, 10Mb/s up)
ISP 4 - Multiple bonded MPLS T1's for branch access (Terminal services and IP phones)
ISP 5 - 4G Internet (25Mb/s Up, 25Mb/s Down) (Not currently used)
My goal is to have all 5 ISP connections ultimately run through the ASA Pair. I added a crude picture of the desired setup. Sorry, I'm not at my PC so had to use MS Paint.
Is this a wise idea?
What hardware below do you recommend to make the following happen? I have spare 2811 Routers.
From what I understand I need to do PBR (Policy Based Routing), but have no idea what
hardware I would need.
1) Have each ISP connection failover to the ISP of my choosing. For example, I want ISP
1 to failover to ISP 2, and if ISP 3 is down then have it failover to ISP 5.
2) Have a Failover ISP link be active while waiting for a failover to happen. For example,
ISP 2 be active for SAN replication while it is waiting for ISP 1 to fail and if ISP 1
fails I don't want it to interrupt the current activity on ISP 2.
3) I want my AnyConnect VPN to failover between ISP 3 and ISP 5.