ASA two outside interfaces (Internet,WAN)

What is the best solution to use a Cisco ASA with two outside points (Internet and WAN)?
Also, users need to access the WAN at the same time they need to access the Internet.
And can we use IP SLA on the firewall to prefer the Internet interface for Internet and the WAN interface for WAN connectivity?
XX-Topology.vsd
Ayman Roy asked:

ffleisma, Senior Network Engineer, commented:
I think it would be more of a routing protocol requirement rather than policy based routing.

IP subnets across the WAN are in the private IP range. You can run a routing protocol on the ASA, then have both the Internet router and the WAN router announce the IP subnets of the WAN, with the WAN P2P link having a better metric.

With regard to the Internet, that can still stay the same default static route.

Let me know if this helps or if you have any further questions, I'll be glad to help out!
0

ffleisma, Senior Network Engineer, commented:
The ideal scenario is that you would be able to run an IGP (Internal Routing Protocol, i.e. RIP, EIGRP, OSPF) between your WAN side and the WAN-RTR.

Here is what it would look like.
Scenario 1
The routes coming from the WAN P2P link are given a better metric (preference) than the ones being announced by the Internet-RTR.

The second scenario is that you cannot run a routing protocol across the WAN P2P link. What you can do is use a static route on the WAN-RTR and redistribute it into the routing protocol between the WAN-RTR and the ASA.
Scenario 2

The third scenario is a variation of the second one: you can add IP SLA on the WAN-RTR and Internet-RTR, which probes the reachability of the WAN (edge IP or even internal IP). If probing indicates loss of connectivity to the WAN, the static route is removed and not redistributed into the routing protocol between the routers and the ASA.
Scenario 3

Hope this helps, let me know which path you can and wish to take. If you have any questions, I'll be glad to help you out!
0
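A configuration sketch of the third scenario described above, added here as an illustration and not taken from the original answers: tracked static routes on both routers, redistributed into OSPF with the WAN-RTR at the lower metric, and the ASA keeping its static default route. All addresses, interface names, the OSPF process and prefix-list names, and the key placeholder are assumptions; the route-map filter and OSPF authentication go beyond what the answers mention and are included so the firewall only learns the intended WAN prefix from authenticated neighbors.

```cisco
! ===== WAN-RTR (IOS) - constructed addressing =====
! 10.255.0.2 = far end of the WAN P2P link, 10.20.0.0/16 = remote WAN subnets
ip sla 10
 icmp-echo 10.255.0.2 source-interface GigabitEthernet0/1
 frequency 5
ip sla schedule 10 life forever start-time now
track 10 ip sla 10 reachability
! Static route stays installed only while the probe succeeds
ip route 10.20.0.0 255.255.0.0 10.255.0.2 track 10
!
! Redistribute only the WAN prefix, nothing else from the static table
ip prefix-list WAN-NETS seq 5 permit 10.20.0.0/16
route-map STATIC-TO-OSPF permit 10
 match ip address prefix-list WAN-NETS
!
interface GigabitEthernet0/0
 description Link to ASA "wan" interface
 ip address 192.168.10.2 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <OSPF-KEY-PLACEHOLDER>
!
router ospf 1
 network 192.168.10.0 0.0.0.3 area 0
 redistribute static subnets metric 10 metric-type 1 route-map STATIC-TO-OSPF
!
! ===== Internet-RTR (IOS) =====
! Same ip sla / track / prefix-list / route-map / interface authentication pattern,
! on the 192.168.20.0/30 link to the ASA. Only the seed metric differs, so this
! router's path to 10.20.0.0/16 is used only when the WAN-RTR withdraws its route.
router ospf 1
 network 192.168.20.0 0.0.0.3 area 0
 redistribute static subnets metric 100 metric-type 1 route-map STATIC-TO-OSPF
!
! ===== ASA =====
interface GigabitEthernet0/1
 nameif wan
 security-level 0
 ip address 192.168.10.1 255.255.255.252
 ospf authentication message-digest
 ospf message-digest-key 1 md5 <OSPF-KEY-PLACEHOLDER>
! The "outside" interface (192.168.20.1/30, facing Internet-RTR) is configured the same way
!
router ospf 1
 network 192.168.10.0 255.255.255.252 area 0
 network 192.168.20.0 255.255.255.252 area 0
!
! Internet traffic keeps following the static default route
route outside 0.0.0.0 0.0.0.0 192.168.20.2 1
```

On the ASA, `show route` should list 10.20.0.0/16 as an OSPF external route via the wan interface while the WAN-RTR probe succeeds, and via outside once that tracked route is withdrawn.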