How to connect 5 ISP connections to Cisco ASA A/S Pair w/ Security Plus
Problem Details: HI -
I have a pair of Cisco ASA 5510's with Security Plus Licensing setup in Active/Standby
mode. I also have the AIP SSM device in each ASA.
At the main office there are 5 ISP connections. But only one of them goes through the ASA
pair. Between the two firewalls and the ISP i have a switch. The switch has the ISP
connection plugged in, then a wire going to each of the ASA's.
The other ISP connections go through their individual routers, then connect to our network
bypassing the Cisco ASA's.
They are used as follows.
ISP 1 - Internet (150Mb/s down, 35Mb/s up)
ISP 2 - SAN Replication (35Mb/s down, 35Mb/s up)
ISP 3 - AnyConnect VPN for remote staff (50Mb/s down, 10Mb/s up)
ISP 4 - Multiple bonded MPLS T1's for branch access (Terminal services and IP phones)
ISP 5 - 4G Internet (25Mb/s Up, 25Mb/s Down)(Not currently used)
My goal is to have all 5 ISP connections ultimately run through the ASA Pair. I added a crude picture of the desired setup. Sorry, i'm not at my PC so had to use MS Paint.
Is this a wise idea?
What hardware below do you recommend to make the following happen? I have spare 2811 Routers.
From what I understand I need to do PBR (Policy Based Routing), but have no idea what
hardware i would need.
1)Have each ISP connection failover to the ISP of my choosing. For example, I want ISP
1 to failover to ISP 2, and if ISP 3 is down then have it failover to ISP 5.
2) Have a Failover ISP link be active while waiting for a failover to happen. For example,
ISP 2 be active for SAN replication while it is waiting for ISP 1 to fail and if ISP 1
fails I don't want it to interrupt the current activity on ISP 2.
3) I want my AnyConnect VPN to failover between ISP 3 and ISP 5.
Hello I am getting this following error and get ACTV, XPS and S-PWR LEDs amber then suddenly all LEDs are off: Booting...(use DDR clock 667 MHz)*** Coprocessor Unusable Exception ***PC = 0x00000000 00000000SP = 0x00000000 00000000Cause Reg...
Once Cisco DNA Center has provisioned the SD-Access devices to sites, the SD-Access fabric can be created. In the Cisco DNA Center UI, navigate to Provision > Fabric. This is where you create and manage your fabric domains and transits.]
Provision Discovered Devices
On the Cisco DNA Center UI, navigate to Provision page
Select the following devices and provision all the devices to Floor-1. During the provision workflow, Cisco DNA Center can only provision devices of similar family. We wi...