2 ISPs with Our Existing Cisco Equipment

Hello,
I apologize if this is long - we have a Verizon T1 for our ISP which has been at capacity for some time and we are planning on adding an additional 15mb/3mb for data with a separate 1.5mb to support a VoIP which would give us 3 external connections (once the contract with Verizon is up we will most likely drop them). We currently have a Cisco ASA 5510 without the Security Plus license that our T1 connects to as well as VPN clients. Internally we have a Cisco Express 500 that our VoIP phones connect to which is then connected to the ASA. Our data drops are connected to a “dumb” switch which is also connected to the ASA.
We were hoping to have Voice on the 1.5 cable, our Email and web servers on the T1 and all other data use the 15mb cable. From what I understand we cannot use the ASA 5510 for more than one ISP. We have 2 more Cisco Express 500s sitting in our closet. I know this is a stretch but with the equipment that we have, 3 Cisco Express 500s and 1 Cisco ASA 5510, can we make this work to have multiple external ISPs? I’m not too familiar with networking so any help is much appreciated.
Thanks!
johnnva Asked:

Garry Glendown, Consulting and Network/Security Specialist, Commented:
ASA does not do PBR (policy-based routing). For limited use cases, there is a workaround that might work ... first, put in default routes to your uplinks:

route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route voice 0.0.0.0 0.0.0.0 y.y.y.y 2
route email 0.0.0.0 0.0.0.0 z.z.z.z 3

nat (inside) 1 0 0
global (outside) 1 interface
global (voice) 1 interface
global (email) 1 interface

Then add NAT statements for different kinds of traffic, e.g.

static (email,inside) tcp 0.0.0.0 smtp 0.0.0.0 smtp netmask 0.0.0.0
static (voice,inside) udp 0.0.0.0 sip 0.0.0.0 sip netmask 0.0.0.0

Disclaimer: I've not tried to pull a stunt like this with VoIP; there are most likely additional ports. OTOH, you most likely have a fixed IP of the remote VoIP provider, so you could tag the traffic based on that ...

It's probably easier to set up such a PBR config on a "real" router, which will allow easier configuration of the routing ...
0
 
Gary Coltharp, Sr. Systems Engineer, Commented:
You can't use the ASA to load balance two ISPs ... but you can use it to fail over to a backup ISP.

Set up an SLA to monitor the gateway connectivity on your primary ISP ... if it goes away for X, change the gateway to the failover.

See Example 7 on the following link:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ref_examples.html#wp1057935

0
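
The failover approach described in the answer above, sketched as an added example that is not part of the original post or of the linked Cisco guide. It uses the pre-8.3 ASA syntax seen elsewhere in this thread; the interface name "backup", the SLA and track IDs, and the probe timers are assumptions, and x.x.x.x / y.y.y.y are placeholders for the primary and backup ISP gateways.

```cisco
! Constructed example: "backup" interface name, IDs 10/1 and timers are assumptions.
! x.x.x.x = primary ISP gateway, y.y.y.y = backup ISP gateway (placeholders).
!
! Probe the primary ISP gateway with ICMP echo out the outside interface.
sla monitor 10
 type echo protocol ipIcmpEcho x.x.x.x interface outside
 num-packets 3
 frequency 10
sla monitor schedule 10 life forever start-time now
!
! Track object 1 goes down when the probe stops getting replies.
track 1 rtr 10 reachability
!
! The primary default route is only installed while track 1 is up.
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1 track 1
! Floating default route: higher metric, used once the tracked route is withdrawn.
route backup 0.0.0.0 0.0.0.0 y.y.y.y 254
!
! Inside hosts need a PAT pool on both egress interfaces, or failed-over
! traffic will have no translation on the backup link.
nat (inside) 1 0 0
global (outside) 1 interface
global (backup) 1 interface
```

`show track 1` and `show route` show whether the tracked route or the floating route is currently installed. This gives failover only; it does not split voice, email and data across links at the same time.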
 
johnnva (Author) Commented:
Thanks for the reply, we have thought about a failover but our main goal is to have our VoIP and data traffic on separate networks, internally as well as externally. The more I research it looks like the only way to be able to use multiple ISPs is to install a router in front of the ASA.
Is this correct?
We want to spend as little as possible since we are already going to be spending more on our bandwidth.
0
Question has a verified solution.