• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 412
  • Last Modified:

Router for 2 lans into one DSL line with second DSL line as backup

I have an ASA-5505 at my disposal but a very rudimentary ability to make it do what I need, and this is over my head.

i have a higher speed DSL line and a lower speed fractional T1 line. Both are "modemed" to be ethernet connections.

I also have 2 lans, one on a 10.x.x.x segment that is important and needs protection and one on a 192 .x.x.x. segment that is for a more open WiFi and PC network. These two should NEVER see each other.

I would like both to use the higher speed DSL connection until it fails then move to the lower speed one as a backup.

Many devices on the 10.x.x. segment are simple widgets and do not recognize a VLAN so I have to keep these networks physically separate.

Will the ASA-5505 do what I want and can anyone here help me with config? I am hoping to take a stab at this Friday morning.
0
Salad-Dodger
Asked:
Salad-Dodger
  • 5
  • 3
1 Solution
 
Norm DickinsonGuruCommented:
The easiest way to set this up is to add a dual-wan router and feed the LAN side of it into the Cisco ASA-5505, right where the web is going now. I just installed a very inexpensive TL-R470T model by TP-Link that has one dedicated WAN, one dedicated LAN, and three additional ports that can be configured as either WAN or LAN in any combination, allowing up to four different ISP WAN connections if I choose. It can be set up to pool speed (additive) or to failover and has a lot of additional features. It's pretty easy to set up. I've worked with the ASA-5505 models on a few occasions and they are pretty particular in how you set them up - and fairly unforgiving if you are not familiar enough with them, but capable of the task if you prefer to go it that way. If you decide to go with an inexpensive multi-wan router, buy two and set them both up the same way, so that if one does fail, you can simply plug the other one in with a minimum of downtime. (There are higher quality devices out there that perform this function as well.)
0
 
Salad-DodgerAuthor Commented:
Thank you for the reply - I just looked at that device on the web, the feature that is missing is the isolation between lans. I would need it to have to different gateways exposed to each lan. I understand how the cisco could continue to provide that feature, but my first choice would be to reconfigure the cisco (or replace it completely) so I don't wind up with a daisy chain of devices.
But that is a neat device, I will keep it in mind.
0
 
Norm DickinsonGuruCommented:
I can provide a couple of manuals for the ASA-5505 device if that helps. See attached.
Cisco-ASA-5500-Series-Adaptive-S.pdf
Cisco-ASA-5505-Installation-Guid.pdf
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Salad-DodgerAuthor Commented:
Thank you again. I ordered the device you recommended, it was really inexpensive, and it might get me some speed until I can figure out the ASA.  

But the ASA remains the goal.  :)

I gotta get support from cisco on this thing so I can update the firmware. Forgot about that...
0
 
marek1712Commented:
Assign security level to the VLAN interfaces (yes, make separate VLANs for these two LANs).
In the global config mode you'll be able to issue:
same-security-traffic permit inter-interface
Which speaks for itself.
For the failover link:
Check THIS post.
0
 
Salad-DodgerAuthor Commented:
I haven't done this config in several years when this was first installed, even then I had a lot of help from someone here who did essentially ALL the config. I just typed it in. While I understood what I was typing at the time, that knowledge has been purged from the brain so I'll have to figure this out all over again.
I will grab the box this evening and post the running config and my attempts to translate the post you referenced and your command.
0
 
Salad-DodgerAuthor Commented:
Can't get into this one, PW not what was written on it. I  will need to start from scratch after I reset it ... No way I can pull this off now. Help?
0
 
Norm DickinsonGuruCommented:
Dual WAN router anyone?
0
 
Salad-DodgerAuthor Commented:
Your solution worked well enough to give me time to figure out the ASA. And it was really simple to implement. Thank you for that suggestion.
I still want to make the ASA do this job, but mostly for my own education so I'll start another question. I have to wipe the ASA and get the firmware current first. Once thats done, I'll be back.
Thank again.
0

Featured Post

IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now