Branch office Internet connection - recommended Cisco hardware

Posted on 2012-08-12
Last Modified: 2012-08-14
This should be fairly simple, but wanting a sanity check...

Customer has several branch offices with lower-speed (1.5 to 4.5-Mbps - bonded T1s) connections back to the main office. Fiber connectivity with higher-speed Ethernet handoffs is not an option for several of these sites, so their only means of adding bandwidth is provisioning additional T1s, which is VERY expensive. The links are used for both business application traffic as well as centralized Internet through the main office, and lack of sufficient bandwidth is becoming a real problem.

They're looking to add new Internet connections at some of these branches (cable, business DSL, whatever is available), so that browsing traffic will stay off of the WAN, thus providing more available bandwidth for business apps and Citrix users. Each location has a carrier-managed router for circuit termination/bonding, and all branch traffic is currently being defaulted over this connection.

What would be the least expensive, "right" solution for a Cisco device to sit behind this carrier router, and handle sending traffic as appropriate over both?  My first thought was something as simple as an ASA 5505, with all customer (private) routes statically defined to go over the WAN route, and a default route pointing over the new Internet connection. IP SLA could also be configured on the ASA so if the Internet connection went down, it could fail over Internet traffic back over the WAN once more.

Looking for validation, and other options/input.

Thank you, and reference links/docs are always appreciated!
Question by:cfan73
    LVL 6

    Expert Comment

    The ASA is probably the most preferred secure method to accomplish this. If security isn't a concern you could go with a small router such as the 1900 series. You could still lock down traffic with ACLs on the WAN interfaces as such. Have you asked your ISP that manages the routers about just adding an additional interface for this need to eliminate your hardware investment perhaps?
    LVL 52

    Expert Comment

    by:Manpreet SIngh Khatra
    ASA is one of the most preferable options and quite friendly as well :)

    Security is always a concern, so a bit more money would mean a healthy environment.
    I agree with jgibbar that you could specify the bandwidth that can be used for Internet, but not sure how good that would really be :(

    Yes, as said, you can try to host your ISP for Internet hosting or kind of leased line ..... but how would you determine when the ISP is out and you need to plug in your device for routing :)

    - Rancy

    Author Comment

    @jgibbar - the 5505 ASA is far less expensive than a 1900 ISR, if it accomplishes the job. Can you confirm that there'd be no problem w/

    1) configuring static routes (for local nets) and a default route over the Internet link, and
    2) configuring IP SLA for the Internet connection to fail-over to the WAN route?

    Thanks again!
    LVL 6

    Accepted Solution

    At first glance without knowing any further details about your network, yes, this is a very simple implementation. Both of your tasks can be accomplished.
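
The two tasks confirmed above (static routes for the private networks over the WAN, and a default route over the new Internet link that fails back to the WAN through IP SLA tracking) look roughly like this on an ASA. This is an added example, not configuration posted in the thread; the interface names (`inside`, `wan`, `internet`), the monitor and track IDs, and every address are constructed placeholders.

```cisco
! Assumed interface names: inside (branch LAN), wan (toward the carrier-managed
! router), internet (new cable/DSL link). All addresses are placeholders.

! 1) Private/corporate networks always go over the WAN.
route wan 10.0.0.0 255.0.0.0 10.255.0.1 1
route wan 172.16.0.0 255.240.0.0 10.255.0.1 1
route wan 192.168.0.0 255.255.0.0 10.255.0.1 1

! 2) Probe a host reached through the Internet link. Pick a target beyond the
!    ISP's first hop, so an upstream outage is detected and not just a dead
!    local modem.
sla monitor 10
 type echo protocol ipIcmpEcho 203.0.113.1 interface internet
 num-packets 3
 timeout 1000
 frequency 10
sla monitor schedule 10 life forever start-time now

! Tie a track object to the probe's reachability.
track 1 rtr 10 reachability

! Primary default route: installed only while track 1 is up.
route internet 0.0.0.0 0.0.0.0 198.51.100.1 1 track 1

! Floating default route over the WAN (administrative distance 254): used only
! when the tracked route is withdrawn, restoring centralized Internet access.
route wan 0.0.0.0 0.0.0.0 10.255.0.1 254

! Not shown: NAT for traffic leaving the internet interface and the access
! policy on that interface. The branch now has its own Internet edge, so it
! needs the same filtering the main office applies to browsing traffic.

! Verify:
!   show sla monitor operational-state
!   show track
!   show route
```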
