Solved

Cisco ASA5505 with Two Internet Connections

Posted on 2013-01-20
7
1,804 Views
Last Modified: 2013-01-23
I am attempting to setup a new Cisco ASA5505 Firewall.

I have two DSL connections.  What I am trying to accomplish is have everyone on the network connecting through one DSL Connection and then have the second DSL used for my servers (email,web, etc).

Do I need the security plus bundle and DMZ capability?  Or can it be done without it?  I'm not looking for failover, just the ability to have both connections operational and have some port forwards through one DSL and other port forwards through DSL2.

I have setup my 0/0 interface with the first internet connection and have it operational.

I have tried setting up 0/1 as the second interface and then setting up Access Control and NAT rules on the second interface but I just can't figure it out.
Any help will be greatly appreciated.
0
Comment
Question by:truth_talker
7 Comments
 
LVL 17

Expert Comment

by:MAG03
ID: 38799261
yes you will need the security plus license to enable use of the 3rd VLAN.

for interface 0/1 are you trying to set that up for the LAN?  When you say you cant figure it out, could you please explane a little more of what is going wrong.

What version of ASA are you running?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 38799567
You cannot use dual external connections for anything other than failover from one to the other. You cannot divide traffic like you want. The ASA is not capable of source-based routing which is required for your plan. We do this all the time on Cisco routers, but not on ASA.
Sorry to throw a monkey wrench in the plans..
0
 
LVL 17

Expert Comment

by:MAG03
ID: 38800303
Ah of course, The ASA only supports one active default route at a time.  I forgot about that.
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 3

Expert Comment

by:jeffmorlen
ID: 38801374
I concur.
Only one route can be active at a time.
0
 
LVL 8

Accepted Solution

by:
pgolding00 earned 500 total points
ID: 38803720
all the above is correct, but this
http://www.packetu.com/2011/11/28/egress-interface-selection-on-the-cisco-asa/
might be useful. have not tested it myself, so cant guarantee that it works. and, as the article states, understand how arp behaves before trying to use this method. and note the comment towards the end about which link inbound traffic initiates on, because you are losing the ability to use tracking, sla and failure coverage of any form.

alternatively, put a router in front of the asa and connect the dsl links to that.
0
 

Author Comment

by:truth_talker
ID: 38803759
Not sure how I did this or how I got it to work.  But I ended up enabling port 0/1 and blocking traffic to 0/1.  Then put two static routes in for the default gateways for both DSL connections.  I put a dynamic NAT on 0/0 and all the static NAT's/Access Rules on 0/1 and it's working.

May have an issue if I need to do static routes on 0/0, but shouldn't need that to my knowledge.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 38812903
Sweet! Even us old dogs can learn new tricks!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now