Configuring Backup ISP Redundancy on the Cisco ASA 5505 Firewall
In this article I will explain how to configure a Cisco ASA 5505 firewall to connect to two ISPs for redundancy. Suppose we have a high-speed primary ISP and a DSL line connected to a cheaper secondary ISP. Normally all our traffic should flow through the primary ISP. If the primary link fails, the secondary DSL connection is available for Internet access. Please note that this scenario is valid only for outgoing traffic (that is, from our internal network to the Internet). The feature I describe works on the ASA 5505 with version 7.2(1) and above.
Suppose we have a static public IP address of 100.100.100.1 assigned by our primary ISP and another static public IP address of 200.200.200.1 from our backup ISP. We use Ethernet0/0 to connect to the primary ISP, Ethernet0/1 for the connection to our internal LAN, and Ethernet0/2 for connecting to the backup ISP. We need three VLANs to support this configuration: VLAN 1 (the default VLAN) is assigned to Ethernet0/1 (inside), VLAN 2 is assigned to Ethernet0/0 (primary ISP), and VLAN 3 is assigned to Ethernet0/2 (backup ISP). We also need to configure two static default routes pointing to the ISP gateway addresses. The default route to the primary ISP has a metric of 1, and the default route to the backup ISP has a metric greater than 1 (say 2), so it is used only when the primary route is unavailable. Let's review the following configuration:
! Physical ports: assign each one to its VLAN
ASA5505(config)# interface ethernet0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shutdown
ASA5505(config)# interface ethernet0/1
ASA5505(config-if)# switchport access vlan 1
ASA5505(config-if)# no shutdown
ASA5505(config)# interface ethernet0/2
ASA5505(config-if)# switchport access vlan 3
ASA5505(config-if)# no shutdown
! VLAN 1: internal LAN
ASA5505(config)# interface vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0
ASA5505(config-if)# no shutdown
! VLAN 2: primary ISP, with VLAN 3 marked as its backup interface
ASA5505(config)# interface vlan 2
ASA5505(config-if)# nameif primary-isp
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address 100.100.100.1 255.255.255.0
ASA5505(config-if)# backup interface vlan 3
ASA5505(config-if)# no shutdown
! VLAN 3: backup ISP
ASA5505(config)# interface vlan 3
ASA5505(config-if)# nameif backup-isp
ASA5505(config-if)# security-level 1
ASA5505(config-if)# ip address 200.200.200.1 255.255.255.0
ASA5505(config-if)# no shutdown
! Default routes: metric 1 via the primary ISP, metric 2 via the backup ISP
ASA5505(config)# route primary-isp 0.0.0.0 0.0.0.0 100.100.100.2 1
ASA5505(config)# route backup-isp 0.0.0.0 0.0.0.0 200.200.200.2 2
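A check for the two-default-route design described above, as an added example that is not part of the original article. The function names and the running-config style sample are constructed here; the sample reuses the article's addresses and interface names.

```python
import ipaddress

# Constructed sample in running-config style, using the article's addressing.
SAMPLE = """\
interface Vlan2
 nameif primary-isp
 security-level 0
 ip address 100.100.100.1 255.255.255.0
!
interface Vlan3
 nameif backup-isp
 security-level 1
 ip address 200.200.200.1 255.255.255.0
!
route primary-isp 0.0.0.0 0.0.0.0 100.100.100.2 1
route backup-isp 0.0.0.0 0.0.0.0 200.200.200.2 2
"""

def parse(config):
    """Return ({nameif: ip_interface}, [(nameif, gateway, metric)]) for default routes."""
    nets, routes, name = {}, [], None
    for line in config.splitlines():
        tok = line.split() or ["!"]          # treat blank lines as separators
        if tok[0] == "interface":
            name = None                      # new interface block, nameif not seen yet
        elif tok[0] == "nameif" and len(tok) == 2:
            name = tok[1]
        elif tok[:2] == ["ip", "address"] and name and len(tok) >= 4:
            nets[name] = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}")
        elif tok[0] == "route" and tok[2:4] == ["0.0.0.0", "0.0.0.0"] and len(tok) >= 5:
            metric = int(tok[5]) if len(tok) > 5 else 1   # metric defaults to 1
            routes.append((tok[1], ipaddress.ip_address(tok[4]), metric))
    return nets, routes

def audit(config):
    """List problems that would keep the backup default route from taking over."""
    nets, routes = parse(config)
    problems = []
    if len(routes) < 2:
        problems.append("fewer than two default routes")
    if len({m for _, _, m in routes}) != len(routes):
        problems.append("default routes share a metric")
    for name, gw, _ in routes:
        if name not in nets:
            problems.append(f"route uses unknown interface {name}")
        elif gw not in nets[name].network:
            problems.append(f"gateway {gw} not on {name} subnet")
    return problems
```

Running `audit()` on the text of a saved configuration returns an empty list when both default routes are present, use distinct metrics, and point at gateways on their own interface's subnet.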