• Status: Solved

ASA 5510 handling 2 IPs connections

Hi,

We have 2 different companies, one on 192.168.1.x and the other one on 192.168.2.x, that are using the same network infrastructure. I want to bring in a second internet connection, put 192.168.1.x on the original connection and put 192.168.2.x on the new connection using a Cisco ASA 5510 to route everything. The original connection comes into a Cisco 1721 router and is then sent to the ASA 5510, which is responsible for all the NAT. I need advice on how I should go about doing this.
Thanks!
W0rldinc
 
Ernie Beek (Expert) commented:
I think it should be possible to create a situation with two 'outside' and two inside interfaces without having interaction between the two networks (or only if necessary).
 
W0rldinc (Author) commented:
That's the thing. There needs to be interaction between the 2 LANs and they all come from the same switch into 1 LAN port on the ASA. I would use 2 for Outside, 1 for Inside and 1 for DMZ. I would basically like to do routing based on the subnet. Everything from 192.168.1.x should go through inside1 and everything from 192.168.2.x should go through inside2. Would that be possible at all and how complex would it be to put in place?
 
Ernie Beek (Expert) commented:
Not quite complex. For the inside you could create two subinterfaces (one for each subnet) and trunk the port on the switch.
Assuming you're using VLANs?
 
W0rldinc (Author) commented:
Not at the moment, but that will be put in place at the same time we bring in the 2nd ISP. Right now, everything is in the 192.168.1.x. We will separate it into 2 VLANs in order to do the routing properly. For the outside interfaces, what would need to be done? What kind of rule?
 
Ernie Beek (Expert) commented:
Basically, you will have two interfaces with security-level 0. You will have to set up two global and two nat statements for the corresponding internal networks.
That should give you the (separate) internet access for both networks.
After that you can create statics, access lists, etc. just as you want them and just as you did before. You only have to watch that you put them on the correct interfaces (for network 1 or network two).
 
gavving commented:
Actually that won't work... Well, not exactly like that. You can NAT into each IP block for each ISP and configure 2 outside interfaces, but the ASA can only have 1 default gateway. Thus only 1 external outbound connection out the ASA is possible unless we're statically routing site-to-site VPN connections or something out the other outside interface.

To use 2 ISPs and have traffic using them split based upon source traffic you have to use policy based routing, and the ASA doesn't do that. But your 1721 router can. So you can use that to probably accomplish what you want. Get a small separate switch and plug in the ethernet connections of the outside interface of the ASA, the 1721, and the new ISP into it. Leave your ASA with the default route going to the 1721. Set up NATing on the ASA to NAT the 192.168.2.x network into the 2nd ISP IP block. Configure a secondary IP number on the ethernet interface of the 1721 and put it on the 2nd ISP IP block. Set up PBR on the 1721 to route to the 2nd ISP default gateway IP if the traffic is coming from the 2nd IP block.

That can work, it's a bit messy though.
Question has a verified solution.
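
The layout gavving describes in the last answer, sketched as configuration. This is an added example, not part of the original thread: it uses the pre-8.3 ASA nat/global syntax the thread refers to, and the interface names (inside1, inside2, outside, FastEthernet0), the access-list number, the route-map name and every public address (documentation ranges 198.51.100.0/24 for ISP 1 and 203.0.113.0/24 for ISP 2) are assumptions.

```cisco
! ---- ASA 5510 (pre-8.3 nat/global syntax) ----
! Assumed: inside1 = 192.168.1.0/24, inside2 = 192.168.2.0/24, and a single
! outside interface on the shared switch, addressed from the ISP 1 block.
!
! Company 1 is translated to the ASA's own outside address (ISP 1 block).
nat (inside1) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface
!
! Company 2 is translated into the ISP 2 block (constructed address).
nat (inside2) 2 192.168.2.0 255.255.255.0
global (outside) 2 203.0.113.10
!
! The ASA keeps one default route, pointing at the 1721 (constructed address).
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1

! ---- Cisco 1721 (IOS) ----
! Match packets whose source has already been translated into the ISP 2 block.
access-list 110 permit ip 203.0.113.0 0.0.0.255 any
!
! Send matching packets to the ISP 2 gateway instead of the routing table's
! default (203.0.113.1 is a constructed gateway address).
route-map ISP2-OUT permit 10
 match ip address 110
 set ip next-hop 203.0.113.1
!
! The Ethernet side carries the ISP 1 address plus a secondary address in the
! ISP 2 block; policy routing applies to packets arriving on this interface.
interface FastEthernet0
 ip address 198.51.100.1 255.255.255.0
 ip address 203.0.113.2 255.255.255.0 secondary
 ip policy route-map ISP2-OUT
```

Packets that do not match the route-map (the 192.168.1.x translations) follow the 1721's normal routing table. `show route-map` on the 1721 and `show xlate` on the ASA show whether 192.168.2.x traffic is being translated and policy-routed as intended.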