cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
506
Views
0
Helpful
2
Replies
Highlighted
Beginner

Asa 5510 multiple ISP for different purposes

all,

I have a client that is using an ASA5510 and would like to make some changes

current config - 

int 0/0 - external connection (T1) with multiple VPN site to site tunnels and VPN client tunnels

int 0/1 Internal (10 network)

Proposed config -

1. add cable internet to int 0/3

2. route default internet traffic to cable internet

3. leave VPN tunnels on T1

4. failover internet in the event of cable internet outage(using tracking)

Would one or both of these options work? if so what is the better way to do it?

option 1

1. add static routes for each VPN endpoint and protected network to use T1 gateway.

Option 2

2. add static routes for VPN end points and set default route for T1 as  the tunned interface.

if this would work would we need to move the VPN clients config over to the cable internet? or is there a way to have it work on the VPN as well?

thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Suggested design will work and option 1 looks more promising however we need to make sure VPN clients are shifted to Cable Internet first because in case of VPN client since VPN peer is not known thus to make communication possible reverse route for VPN client peer is needed. This reverse route will be provided by the device's default route and in our case it is Cable Internet.

Hope this helps.

Regards,

Anuj

View solution in original post

2 REPLIES 2
Highlighted
Beginner

Suggested design will work and option 1 looks more promising however we need to make sure VPN clients are shifted to Cable Internet first because in case of VPN client since VPN peer is not known thus to make communication possible reverse route for VPN client peer is needed. This reverse route will be provided by the device's default route and in our case it is Cable Internet.

Hope this helps.

Regards,

Anuj

View solution in original post

Highlighted

Thanks. that is how we ended up setting it up.