In this specific content I could reveal the way to configure a Cisco ASA 5505 firewall to be able to go to double ISPs to get redundancy purposes. Suppose that him and i possess a most important high-speed ISP connection, plus a cheaper DSL series attached that will a new Secondary ISP. Normally all of our visitors have to flow through the major ISP. If the chief hyperlink fails, this secondary DSL relationship have to possibly be utilised for Internet access. Please take note the fact that on top of situation is usually valid only intended for Outbound targeted traffic (i.e. from our inner community in the direction of the Internet). The features that will I could illustrate below works pertaining to ASA 5505 model 7.2(1) and above.
Assume that people are generally given a new static Public IP address of 100.100.100.1 out of Primary ISP and an additional static Public IP address of 200.200.200.1 out of some of our Backup ISP. We will use Ethernet 0/0 for connecting for you to Primary ISP, Ethernet 0/1 pertaining to joining in order to our Internal LAN, as well as Ethernet 0/2 allowing you to connect to help our own Backup ISP. We will certainly make several VLANs to aid our configuration. VLAN1 (the default Vlan) will probably be assigned for you to Ethernet 0/1 (inside), VLAN2 might be issued for you to Ethernet 0/0 (primary-isp) plus VLAN3 will probably be assigned that will Ethernet 0/2 (backup-isp). We have got to configure two static default avenues aiming towards the ISP trip address. The major ISP default path should certainly use a metric with 1 as well as copy ISP default road shall have a metric bigger in comparison with 1 (let's express 2). Let individuals find this configuration below:
ASA5505(config)# program ethernet 0/0ASA5505(config-if)# switchport access vlan 2ASA5505(config-if)# no shutdown
ASA5505(config)# software ethernet 0/1ASA5505(config-if)# switchport access vlan 1ASA5505(config-if)# very little shutdown
ASA5505(config)# program ethernet 0/2ASA5505(config-if)# switchport entry vlan 3ASA5505(config-if)# very little shutdown
ASA5505(config)# interface vlan 1ASA5505(config-if)# nameif insideASA5505(config-if)# security-level 100ASA5505(config-if)# ip target 192.168.1.1 255.255.255.0ASA5505(config-if)# absolutely no shutdown
ASA5505(config)# software vlan 2ASA5505(config-if)# nameif primary-ispASA5505(config-if)# security-level 0ASA5505(config-if)# ip target 100.100.100.1 255.255.255.0ASA5505(config-if)# copy program vlan 3ASA5505(config-if)# very little shutdown
ASA5505(config)# interface vlan 3ASA5505(config-if)# nameif backup-ispASA5505(config-if)# security-level 1ASA5505(config-if)# ip tackle 200.200.200.1 255.255.255.0ASA5505(config-if)# not any shutdown
ASA5505(config)# route primary-isp 0.0.0.0 0.0.0.0 100.100.100.2 1ASA5505(config)# road backup-isp 0.0.0.0 0.0.0.0 200.200.200.2 2
DOWNLOAD the top step-by-step configuration series regarding any Cisco ASA 5500 Firewall product Here.
No comments:
Post a Comment