ASA two outside interfaces (Internet,WAN)

what is the beset solution to use Cisco ASA with two outside points (Internet and WAN)
also users need to access the WAN on the same time they need to access internet
and can we use IP SLA on firewall to prefer internet interface for internet and WAN interface for WAN connectivity?
Ayman RoyAsked:
Who is Participating?
ffleismaSenior Network EngineerCommented:
I think it would be more of a routing protocol requirement rather than policy based routing.

IP subnets across the WAN are private IP range. You can run a routing protocol on the ASA, then have both the internet router and the WAN router announce the IP subnets of the WAN with the WAN P2P link having a better metric.

With regards to the internet, that can still stay the same default static route.

Let me know if this helps or if you have any further questions, I'll be glad to help out!
ffleismaSenior Network EngineerCommented:
The ideal scenario is that you would be able to run an IGP (Internal Routing Protocol, ie: RIP, EIGRP, OSPF) between your WAN side and the WAN-rtr.

Here is how it would look like.
Scenario 1
The routes coming from the WAN P-2-P link is given better metric (preference) than the one being announced by the Internet-RTR.

Second scenario is that you cannot run a routing protocol between the WAN P2P link. What you can do is use a static route on the WAN-RTR and redistribute it to the routing protocol between the WAN-RTR and the ASA.
Scenario 2The third scenario is a variation of the second one, you can add IP SLA on the WAN-RTR and Internet-RTR which probes the reachability of the WAN (edge IP or even internal IP). If probing indicates loss of connectivity to the WAN, the static route is removed and not redistributed to the routing protocol between the routers and the ASA.
Scenario 3Hope this helps, let me know which path you can and wish to take. If you have any questions, I'll be glad to help you out!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.