Cisco WAN :: BGP Multihomed ISP Dual Routers And ASA 5520
Aug 3, 2010
I have a client that is requesting redundant internet connections using 2 7204 routers to 2 asa 5520 in an active standby configuration. There is no load balancing requirement this is strictly for failover. The issue that I am having is that I have to have 1 of there public IP addresses on the Lan side of the 7204 for the ASA connectivity. Because of this both routers advertise out their public subnet to the respective providers, but the issue is that when the wan link on the primary router fails and traffic traverses the secondary wan the return traffic comes back in the secondary wan and stops because it sees the link to the asa as being up even though the asa is in standby. No matter what route manipulations I do a directly connected route is alway going to be better. How I can get this to work. Below is a rough sketch:
Verizon------Router A (Primary)-----ASA A (Active)--------------Nexus1
| | |
| IBGP | Keepalive | VPC Link
| | |
AT&T---------Router B (Backup)-----ASA B (Standby)------------Nexus2
View 6 Replies
ADVERTISEMENT
Mar 29, 2012
I wanted to ask a question about the diagram I have included. We are bringing up 2 MPLS WAN connections and would like some specifics on the best design. We are using BGP to the providers. From there we have big questions. We can run BGP internal and are licensed to do so on the N5K's. The N5Ks are currently using HSRP for inside LAN clients as default gateway. We want to load balance and provide redundant routes using a dynamic approach. Should we use BGP internal utilizing the connections between the routers? Should we use HSRP on the routers? How best to get the routes to the N5K and should we be considering this?
View 5 Replies
View Related
Feb 21, 2013
I run 2 RV042 V1 for home and office with Gateway to Gateway VPN connection with single WAN connection in use. Everything works like a charm!
I was even able to create VPN connection with 2 WAN connection on one Router and 1 WAN connection on another with Smart link failover and VPN Tunel Backup.
I got problem though when i tried more complex connection diagram. [URL]
So basically I now have 2 ISP connections on each point with Static IPs and I'd like VPN Connection to be alive for ALL 4 options automatically with failovers (smart links) And tunel backups but i'm not sure if that's ever possible with my equipment.
View 2 Replies
View Related
Dec 30, 2012
I configured dual ISP on ASA 5520 following cisco doc below. Now I would like to configure SSL VPN to work with this for failover? I tried to find an article regarding this but I could not. [URL]
View 3 Replies
View Related
Mar 12, 2011
I have Cisco ASA 5520 . I want to deploy this in the following scenario. Two ISP( for internet) links are connected in the ASA. Three zone ( Outside , DMZ , Inside) specified on the ASA.In DMZ , there are two proxy server ( proxy 1 , proxy 2) . Branch user will use proxy server 1 and Head office will use proxy 2.
In the above scenario management requirements are, Proxy 1 will use ISP 1 and proxy 2 will use ISP 2.If ISP 1 goes down then proxy 1 will use ISP 2 for internet. Please suggest me how I will configure the ASA in the above requirements or if possible send me the configuration.
View 3 Replies
View Related
Jul 10, 2011
We got 2 ISPs -------> two ASA 5520 Primary / secondary --------> LAN . ASA is configured with ACL and Static NAT for our mail , web & ftp servers .
My question is how to configure the 2nd ISP on the ASA to auto switch to the 2nd ISP when the 1st is down with a backup static NAT and backup ACL for the new ISP , in other words how to configure a active static NAT and Backup Static NAT and ACL only for Exchange/Mail Server.Here is the example of our configuration where PIE is Primary ISP & EMC is Backup ISP.
ASA Version 8.2(1)
hostname Corp-ASA
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
[code]....
View 1 Replies
View Related
May 31, 2013
I would like to knwo if i have dual ISP feature with my ASA 5520 licence? With ASA 5505 i can see Dual ISP feature but with ASA 5520 it's not!
View 3 Replies
View Related
Dec 14, 2011
I inherited a network redesign project mid implementation and ran across an issue that I was not 100% sure able to be resolved. Implementation is occurring in which the organization is changing over to a different ISP and we have some customers that will not be able to change their settings over to our new addresses from some time. I have seen a lot of posts about fail over and dual ISP configurations, but I could not relate them to this particular scenario.
View 3 Replies
View Related
Dec 13, 2011
Not sure if my subject is a good decription of the problem or not.
I have an ASA 5520 at my home office and a SonicWALL NSA2400 at my remote office. The remote office has dual internet connections and I wanted to create two seperate VPNs between the devices using each internet connection on the SonicWALL.
I know how to configure this on the SonicWALL, the problem is on the ASA 5520
OK Basic network config
Main Office
ASA Public IP 1.1.1.1
ASA Internal network 192.168.1.0 (VPN source)
Remote office
Public IP 1 2.2.2.2
Public IP 2 3.3.3.3
Iternal network 192.168.2.0 (VPN destination on ASA)
If I have a VPN from the main ASA to either one of the SonicWALL's public IPs everything works fine
If I create 2 VPN tounels from the main ASA, 1 to each public IP on the SonicWALL, the VPN shows as up but no traffic flows.
View 1 Replies
View Related
Dec 6, 2012
I recently configured WCCP with a Sophos Web Filter on my network it works good but the problem I am having is I have two 5520s so I am directing the device to look at 2 different IP addresses and since the devices are in an Active/Passive failover. The problem is because the second device is in a passive failover it is not responding which is throwing connection errors to my Sophos device. I know you can have a single management connection for the ASA's but is there a way to have a single IP for the ASAs for the WCCP?
View 1 Replies
View Related
Oct 9, 2011
We are looking to deploy an ASA 5520, but I need to know if it is possible for it to work in this environment.
We have colo space, with two IP ranges. They provide two network drops, one from each switch connected to different routers. One in which has 4 usable IP's for management purposes. This address range will be used only for remote access to the ASA and VPN into the management VLAN. The management VLAN will have all internal devices such as the switches, etc. The second range is for the servers, of which will be assigned directly to the hosts and the ASA will need to act as just a firewall. I can do this on IOS, but not sure about the ASA.
I need to answer the following questions:
Does the ASA support dual network drops, and would this be a failover port configuration in order for it to work?A management VLAN with outbound internet access only, and VPN/RA capability. NAT will need to be used I'm guessing. Can we have a DMZ VLAN which has defined ports, say 80, 443 and 25 inbound and outbound. I need the hosts to have the public IP assigned to them with no NAT configuration.
I know there are some advantaged to using NAT, but I really can't use it because the applications behind prefer public IP's being assigned to them.
View 23 Replies
View Related
May 17, 2011
I need to move the client machines off of the 3750 (and their DHCP dependency on it) to the SGE2010 and absolutely route their internet traffic out through the outside interface on the 5505. They must also be able to communicate back into the internal environment in order to communicate with the production servers.
The clients currently use .254 addressing through a dumb dell switch to the 3750 but I am trying to migrate them over slowly to the .253. I know that the 2010 will not do DHCP, so I am putting a DHCP server on that switch right now. The 5505 won't let me add an additional nameif statement onto one of the other eth0/x interfaces and I'm not sure if that has anything to do with it's capabilities to act as a DHCP server (it's not an option in the ASDM) or it's ability to serve as the internet gateway for the 2010 clients. (Side notes: The 5505 has a base license and is currently also connecting 1 site to site VPN. As is the 5520, so all of it's interfaces are used as well).
I statically assigned a moved client with a .253 address and plugged it into the 2010. I have tried giving the 2010 both a .4 address and a .253 address but neither will allow me to ping any of the addresses on the 5505. The 2010 shows automatic routes to the two subnets and I set it's default route to 253.1. The link between the 2010 and the 3750 works - clients receive a .254 address from the 3750 and can get out to the internet via the 5505 and reach the production servers as well.
Why won't the 2010 see the 5505 as a gateway and allow clients to get to the internet and also traverse the 3750 when they need access to the production network?
The reason why I dont' just connect the two swtiches and call it a day is because I also need the production servers to ALWAYS go out/receive web requests via the 5520 outbound/outside interface. I'm having such a hard time wrapping my head around why i can't get my clients moved over to the new switch, I haven't even grasped how I'm going to do that yet.
View 1 Replies
View Related
Sep 16, 2012
I have the following: 1 5520 ASA connected to the internet, 2 core switches, and several access switches.Aside from implementing RSTP, VRRP, hard code access and trunk ports, is there any other recommendation you would like to add.
View 7 Replies
View Related
Dec 24, 2012
We have two internet connections with 2mbps each. I would like to go for Wireless Dual WAN Router. know the +ve and -ve of this usage. know the best modals. We have 30 macs in my company.
View 3 Replies
View Related
Nov 1, 2011
I have 5 cisco 1812 routers that i set up in a hub-spoke dmvpn configuration between 5 sites. All routers have a secondary internet connection . Could i set up a second tunnel interface on each router to create a backup dmvpn that will use this secondary internet connection? i use EIGRP for routing.
View 2 Replies
View Related
Dec 10, 2012
2 router to connect my phone system to a Sip trunk provider router and to extend my Lan segments so the phone system have internet access.i need it this way because i cant put 2 default gateway in my phone system so the cisco Rv042 is the default gateway of the phone system and i use port fowarding of the UDP ports 5060 to point to the system.and i also use protocol binding of these ports to the Wan 1
Phone system connect to a switchport The sip trunk router connect to the Wan 1 My lan is connected to the Wan 2 Everything is working fine exept this intermittent issue : Each hour or so my sip trunk stop working. to make it start working i need to unplug my Wan 2 connection and wait for 1 minute.
View 4 Replies
View Related
Jun 5, 2013
We are connecting to a Cisco DPC3825 cable modem supplied by our ISP. It has been configured to act as a switch only. They have supplied us with 2 static IP addresses.
When each WAN port is connected individually, everything is fine. I see the IP addresses on the respective WAN port, and it is working fine.
When I connect both WAN ports to the modem at the same time, I see a large amount of traffic between the WAN ports, as indicated by the port LEDs, and the RV042G becomes completely non-responsive through its web interface.
How do I get the RV042G working with both WAN ports connected?
View 3 Replies
View Related
Mar 10, 2011
I', trying to open my ports 80 and 37777 and have successfully opened them on my linksys router but behind that I have an at&t modem/router....My questions is how do I find the URL number to access my second router to open the ports on it also?
View 3 Replies
View Related
Jul 23, 2012
I use a RV082 with dual Wan and I cannot configure two SMTP.
Without authentication; a SMTP is specific of the provider.
When WAN1 comes down, SMTP to be used is the SMTP corresponding to WAN2 and vice versa.
Implementation of authentication with the mail server wil be useful. Possibility of two mail servers with indication of the corresponding WAN is also useful.
View 1 Replies
View Related
Mar 5, 2012
We have a RV082 configured with two ISP Wan connections. We recently implemented a VOIP phone system (SIP) (192.168.1.50) that is being used in appliance mode on our network. We currently have two WAN connections Load Balanced. My goal is to configure all my VOIP traffic to go out through the 1st ISP and the rest of the data through ISP #2. is this possible to achieve using the RV082? We are using a Skype SIP Trunk connection.
View 1 Replies
View Related
Jun 12, 2012
RV082 configured for Dual WAN [Code]....
(2) identical DSL connections, configured as Static IP (not PPPoE) with modems in bridged mode. Static IP's are /25 subnet and same gateway ** this may be a problem? Dual WAN set for Load Balance, network service detection is OFF
We have a 2003 terminal server running and successfully receiving connections through both WAN connections. Depending on location, half the users are connecting to WAN1 IP and the other half to WAN2 IP. We are getting sporadic disconnects of the remote users when they are idle for a couple minutes and automatic reconnection of the session takes over a minute. If they close the (locked up) session and reconnect manually it will let them in right away.
Could the handling of the Dual-WAN be the culprit? Could the same gateway for both WAN's create this issue upstream (out of my control)?I am going to move everyone to connecting through WAN1 and then change to Smart Link Backup and see if the issues persist.
Another thought is to use a secondary IP on the terminal server and use Protocol Binding to match "All traffic" for IP1 to WAN1 and IP2 to WAN2, which theoretically would stabilize the situation?
View 36 Replies
View Related
Jan 11, 2012
Cisco RV220W works in 2.4GHz or 5GHz.There is any plan to support these bands simultaneously?
View 1 Replies
View Related
Aug 19, 2011
I need configuring Cisco RV042 dual wlan and port forwarding for 2 servers web and dns in LAN
View 1 Replies
View Related
Dec 25, 2012
I just upgraded from RV-042 to RV-042G on 24.Dec.
My previous connections are : (1st) 100Mbps ISP connection, (2nd) 200Mbps ISP connection (fibre to home)
Before upgrade, my RV-042 worked very stable.
After using Migration Tools by exporting RV-042 current config and converted to V3 configuration, the converted configuration was imported to RV-042G.
In beginning, RV-042G woks fine after imported converted configuration file. Unfortunately, after around 1 hour of use, my iPad (through an Apple Airport Extreme Station) and wired PC could not browse internet.
But, port-forward to 3 IP-cam still be able to access by my iPhon4 through Carrier 3G connections.
After a reboot of RV-042G, internet connection comes back. But, after an hour of use, the same issue happened again.
RV-042G makes me fluctuated. I will fallback to RV-042 from now on and wait for any further firmware improvement from Cisco/Linksys.
My previous RV-042 and current RV-042G config:-
* WAN1 : 100Mbps ISP connection
* WAN2 : 1Gbips ISP connection ( 200Mbps max throughput)
* LAN1 : connected to Apple Airport Extreme
* LAN2 : connected to Linksys 16-port FastEthernet switch
* LAN3 : idle
* LAN4 : connected to an Intel i7 PC
* Dual WAN link mode with bandwidth management, all internet connection from PC will stick on WAN2
View 2 Replies
View Related
Jan 7, 2013
I'm in the process of finding a dual WAN router with VPN support, that allow me to redirect some traffic to one specific WAN port and do load balancing of that specific traffic in case of that WAN failing (this last requirement is preferably but isn't fully needed).
Does the RV042/G could work with that? In that case, does it allow protocol redirect only? What about ip/ports redirecting? Or some kind of packet filtering to redirect to specific WAN ports?
View 6 Replies
View Related
Mar 17, 2013
I bought a RV042G router some days ago to manage 2 adsl lines at my home. Everything works correctly except one thing : i can't configure the bandwidth management. When i go to "Bandwidth Management" menu, then "Bandwidth Management Type" then i choose rate control or priority and i a had some rules to priorize http protocol for example, then i click on save button. After a few seconds of internet usage i loss connectivity to the router and internet and 192.168.1.1 became unreachable to ping. I had to unplung the power cord to restart the router, the same problem still occurs until i remove all the rules ! Some times i even had to do a factory reset because my adsl modems are unreachable behind the router (unable to ping the gateway).
View 4 Replies
View Related
Apr 22, 2013
Cisco RV042 Dual WAN VPN Router -how to configure dynamic DNS without having to use the pre-programmed DDNS companies that are populated by default if my DDNS company is not listed and you cannot manually enter another company that is not on the list?
View 1 Replies
View Related
Dec 23, 2011
I have my RV042 set up in Dual WAN mode and both WANs are working properly. I would like to configure WAN1 to handle all traffic, unless it fails and then have everything to go to WAN2. Pretty much what Smart Link Backup does, however with that enabled only 1 of the WANs is live at any given time. I'd like both WANs to always be live as I'm going to see the second one as a back-door into the network. Is this possible to do with routing? I tried setting a routing rule to have everything to go WAN1, but when WAN1 goes down, nothing is rounted via WAN2.
View 0 Replies
View Related
Sep 19, 2012
I have an RV042 (it's old, silver/dark grey plastic front one) w/ firmware 1.3.13.02-tm.
The reason we bought this (long ago) was to balance two WAN connections, one with unlimited data and one capped monthly. It did that once, but for a couple years both connections have been unmetered so it's just been balancing them 50/50. As of today one WAN connection (the new much faster one) is back to being metered but I can't figure out how to configure the RV042 as it once was to prefer sending traffic over the slow, unmetered connection first, and only use the faster metered connection when necessary.
It's been a long time and honestly I only vaguely remember the ability to prioritize a connection based on % of bandwidth used so that all traffic would go over the unlimited connection 1st until it was flooded, and only then fall over to the metered connection. This is totally different than the weighted round robin, or smart link backup.
I found this 3rdparty forum post that supports that vauge memory and suggests this was eliminated between firmware 1.23 and 1.3: [URL] Is it possible to replicate this functionality with the current firmware? if so how? If not, how to do roll back to firmware 1.23?
It sounded like perhaps I could assigned WAN1 a bandwidth of 100000 (even though it's really 1500) and then assign WAN2 a bandwidth of 1 (even though it's really 20000) and the result might be the prioritization I'm looking to achieve... but I feel like I'm stumbling in the dark at the point.
View 1 Replies
View Related
Dec 16, 2011
How can I use the dual LAN of my PC to share internet with my notebook? The PC is at school where it uses a static IP and I would like to avoid buying a wireless router for this purpose.
View 3 Replies
View Related
Feb 19, 2012
i am going to purchase a Simultaneous Dual Band Router with Gigabit Lan. Can anybody tell me whats the transfer speed it got on Concurrent Dual Band 900(450+450) , 750(300+450) and 600(300+300). I am going to use it for hard drive that can network attached or may be just external hard drive via USB interface.
View 2 Replies
View Related
Dec 1, 2012
How do I utilize the dual band feature on my belkin N750 DB? Do I have to set up two separate networks? Even then how when my devices PC, iPod, gaming devices are only recognizing the 2.4GHz band network?
View 3 Replies
View Related
Nov 18, 2012
I got the N600 DB Wireless Dual-Band USB Adapter in October 2012. How do I install it on Windows 8?
View 1 Replies
View Related
