Routing traffic through T-1 and Cable connection

We have an existing T-1 line which is fed through a Cisco 2600 router (loaner) and then into a Sonicwall 3050, which is set up as the remote end of a site-to-site VPN. We are adding a business class cable line which we want most of the traffic to go through, except what is needed for the VPN. Unfortunately, some of the traffic is required to pass through the VPN for authentication purposes, and then we want to port everything else through the much faster cable connection. Might add that we don't have access to the router or Sonicwall; they are controlled by a different company. Can we port everything through an ASA5505 or better and maybe create a static route to pass necessary traffic through the VPN? Not sure what is the best way to accomplish this; think we may need dual connections and think the ASA has only one port out, Port0. Maybe we need another router?

kdearing Commented:
If you don't have access to either the 2600 or the SonicWall...

Then you'll need to put a router behind the SonicWall
The new router will need to have 3 interfaces

Configure as follows:
Set up new router normally for the Comcast internet connected to WAN1
Connect WAN2 to SonicWall with a static IP (probably
Add a static route for the remote site and point it to the SonicWall (
The LAN connected to your internal network.

Note that this means your LAN subnet will have to change to something other than
I am not sure I completely understand the scenario.....but it sounds like you have a remote office that is accessing a VPN connection to another network where the T1 is installed?  Are you presently getting all of your internet access through the VPN only?   I am assuming if you do not have access to the Cisco Router or the Sonicwall that they must be installed at a remote site? Are you adding the business class cable line locally at your site?

Depending upon the configuration it would be easy to set up a separate gateway on your business class cable line....but that depends on the configuration.
Webcc (Author) Commented:
Sorry, right now all traffic is going through the VPN. I am configuring the remote site, which connects to the main office to authenticate and uses some proprietary software applications.

Existing setup:
(T-1) -----------(2600 router DSU/CSU)----------(Sonicwall)-----------(LAN)
(Connects via site-to-site VPN to main office)  *Router and Sonicwall are on-site, but we don't have access to configure them and would like to keep them separate if possible.

Adding business class cable:
(Cable)--------(Cable modem)----------------(????)--------------------(LAN)
Want to route most of the workstations through the cable connection for Internet traffic, but need to access the main office for applications and don't want to use the slow T-1 for Internet. Was thinking of a static route or some other way of performing the routing. The traffic is destined for
Hope this clarifies a little.

kdearing's post is accurate, and adding another router behind the Sonicwall will work, granted the router has two WAN interfaces. Can I ask a stupid question? If you don't have access to the Cisco 2600 or the Sonicwall...who does?

If the Cisco and Sonicwall are in fact located onsite, is it possible to get access to the devices? If you could get access to them it would be very easy to install a second firewall like the Sonicwall for your business DSL cable connection and plug it into the Cisco 2600 WAN2 port and accomplish the same thing, assuming you have someone who can configure the WAN2 interface on the 2600 to your specs.

Another workaround that I have used in the past for small networks is to set up the new Cable router that you want to use for your outbound internet access and assign it a static IP address that is valid on your current network 192.168.44.* (any address that is not currently in use), and make sure it is accessible from your main network (backbone) switch. Then configure each workstation with a static IP address and use the new Cable router as the default gateway; you should also statically assign the DNS servers provided by your ISP on each workstation. Then you can assign a static route on each computer for the VPN to use the other Sonicwall gateway for your application needs, using the Windows "Route ADD" command. However, this would require you to visit each and every workstation that uses the VPN to access the remote application.

Webcc (Author) Commented:
Kind of complicated - the company is part of a consortium that has an IT company which manages the WAN, and the state of the consortium is crumbling. Everyone is trying to hold on to their piece of the pie, and this company has been unwilling to divulge logins/passwords to routers/firewalls, and we don't have any leverage right now to force them. So, I am trying to work around them.

Could I not enter a static in the cable router that would send all traffic destined for to the Sonicwall and out the T-1 line?
The problem with just connecting it is that you will have 2 DHCP servers on the same network (bad idea)

If you do not want to get a dual-WAN router (about $300-500), then putting everything on static IPs (as Patmac951 suggests) would work.
I am not sure what type of Cable router you are using; do you know the manufacturer and model number? You can usually disable DHCP on most routers; this will ensure the router is not trying to assign an IP address to your client computers. My previous suggestion would work, but only if you assigned static IPs on all your workstations. This suggestion was a workaround for a small network; how many computers are we talking about at this location?

The problem with entering a static route on the cable modem is that, because it will be acting as your gateway (edge of the network before the internet), you may run into problems trying to route traffic back to the internal network. If you set up a static route on the cable modem to an outside WAN address, the traffic will go out over the cable router. However, if you route the traffic at the workstation using a persistent static route, the computer will know to send the VPN traffic to the Sonicwall gateway and not the cable router.
Webcc (Author) Commented:
About 40 workstations, and they are already configured for static IPs. Was looking for a suggestion on a dual WAN router. The cable service is going in this week.
If you disable the cable modem's DHCP and leave your computers as is, they will still use the SonicWall as the default gateway and never use the cable modem.
Patmac951 Commented:
Below is a link to a Linksys/Cisco Dual Port WAN Router that I have used in the past.

Use Kdearing's first post as an example of how you should set up the dual WAN router behind the Sonicwall firewall.

Note that if you are already using static IP addresses on your client computers, you should set up the dual port router as the default gateway on all of your workstations. Then in the new dual WAN router configure a static route for all outbound traffic with a destination of (or whatever the VPN gateway WAN address is) and this will ensure all traffic for the VPN will be routed through the Sonicwall and T1 connection.

However, this will still require you to visit each computer to change the static gateway address to the new router.
Webcc (Author) Commented:
Can I then add the static in the new dual WAN router instead of at the workstation level, correct? What would be the syntax of the route command? Thanks, think we are getting there.
You can use the GUI
All traffic for the remote site subnet should route to the Sonicwall.
Question has a verified solution.
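
An added example, not code from any participant in the thread: a longest-prefix-match check of the dual-WAN router's routing table, confirming that remote-site traffic exits via the SonicWall and everything else via the cable line, and showing what happens if the static route is missing. Every address except the 192.168.44.* network is a constructed placeholder (the thread's real subnets are elided), and the SonicWall LAN IP is assumed.

```python
import ipaddress

# Constructed placeholder addressing; the thread's real subnets are elided.
SONICWALL = "192.168.44.1"    # assumed SonicWall LAN IP on the existing network
REMOTE_SITE = "10.50.0.0/16"  # hypothetical main-office subnet behind the VPN

ROUTES = [  # (destination prefix, next hop, egress interface)
    ("0.0.0.0/0", "203.0.113.1", "WAN1-cable"),
    ("192.168.44.0/24", None, "WAN2-sonicwall"),   # connected: WAN2 segment
    (REMOTE_SITE, SONICWALL, "WAN2-sonicwall"),    # the static route
    ("192.168.50.0/24", None, "LAN"),              # connected: renumbered LAN
]

def lookup(dest, routes=ROUTES):
    """Longest-prefix match: return (prefix, next_hop, egress) for dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, hop, egress in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop, egress)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return str(best[0]), best[1], best[2]

def audit(expected_flows, routes=ROUTES):
    """Return [(dest, expected, actual)] where the table picks the wrong exit."""
    return [(d, want, lookup(d, routes)[2])
            for d, want in expected_flows
            if lookup(d, routes)[2] != want]

def windows_route_cmd(prefix, gateway):
    """Per-workstation alternative from the thread: a persistent route ADD."""
    net = ipaddress.ip_network(prefix)
    return f"route -p ADD {net.network_address} MASK {net.netmask} {gateway}"

FLOWS = [("10.50.3.20", "WAN2-sonicwall"),   # main-office application server
         ("198.51.100.7", "WAN1-cable")]     # ordinary Internet destination

if __name__ == "__main__":
    print(audit(FLOWS))                                   # intended table
    no_static = [r for r in ROUTES if r[0] != REMOTE_SITE]
    print(audit(FLOWS, no_static))                        # static route missing
    print(windows_route_cmd(REMOTE_SITE, SONICWALL))
```

With the static route removed, the audit reports the application traffic leaving on the cable line in the clear instead of through the VPN, which is the misconfiguration worth testing for after any change to the router.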
