Monday, 21 July 2014

Configure Backup ISP Redundancy on a Cisco ASA 5505 Firewall

In this post I will explain how to configure a Cisco ASA 5505 firewall to connect to dual ISPs for redundancy. Suppose that we have a primary high-speed ISP link and a cheaper DSL line connected to a second ISP. Normally our traffic must flow through the primary ISP. If the primary link fails, the secondary DSL link should be used for Internet access. Note that this scenario is valid only for outbound traffic (i.e. from the internal network to the Internet). The feature described below works on ASA 5505 version 7.2(1) and above.

Assume that we are assigned a static public IP address of 100.100.100.1 from the primary ISP and another static public IP address of 200.200.200.1 from the backup ISP. We use Ethernet 0/0 to connect to the primary ISP, Ethernet 0/1 to connect to the internal LAN, and Ethernet 0/2 to connect to the backup ISP. We will create a few VLANs to support the configuration. VLAN1 (the default VLAN) will be assigned to Ethernet 0/1 (inside), VLAN2 will be assigned to Ethernet 0/0 (primary-isp) and VLAN3 will be assigned to Ethernet 0/2 (backup-isp). We also need to configure 2 static default routes, each pointing to its ISP's gateway address. The primary ISP default route will have a metric of 1 and the backup ISP default route will have a metric greater than 1 (let's say 2). The configuration is shown below:

! Assign the physical ports to their VLANs
ASA5505(config)# interface ethernet 0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shutdown

ASA5505(config)# interface ethernet 0/1
ASA5505(config-if)# switchport access vlan 1
ASA5505(config-if)# no shutdown

ASA5505(config)# interface ethernet 0/2
ASA5505(config-if)# switchport access vlan 3
ASA5505(config-if)# no shutdown

! Internal LAN
ASA5505(config)# interface vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0
ASA5505(config-if)# no shutdown

! Primary ISP, with VLAN 3 set as its backup interface
ASA5505(config)# interface vlan 2
ASA5505(config-if)# nameif primary-isp
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address 100.100.100.1 255.255.255.0
ASA5505(config-if)# backup interface vlan 3
ASA5505(config-if)# no shutdown

! Backup ISP
ASA5505(config)# interface vlan 3
ASA5505(config-if)# nameif backup-isp
ASA5505(config-if)# security-level 1
ASA5505(config-if)# ip address 200.200.200.1 255.255.255.0
ASA5505(config-if)# no shutdown

! Default routes: metric 1 via the primary ISP, metric 2 via the backup ISP
ASA5505(config)# route primary-isp 0.0.0.0 0.0.0.0 100.100.100.2 1
ASA5505(config)# route backup-isp 0.0.0.0 0.0.0.0 200.200.200.2 2
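
The following check is an added example, not part of the original post or of any Cisco tool. It audits a saved copy of the configuration for the failover properties described above: both ISP VLAN interfaces exist, the backup default route has a higher metric than the primary one, and the primary interface names the backup VLAN. The names parse, audit and SAMPLE_CONFIG are hypothetical, and the sample input is constructed from the commands above.

```python
import re

# Constructed input: the VLAN and route commands from the post, prompts removed.
SAMPLE_CONFIG = """\
interface vlan 1
 nameif inside
interface vlan 2
 nameif primary-isp
 security-level 0
 backup interface vlan 3
interface vlan 3
 nameif backup-isp
 security-level 1
route primary-isp 0.0.0.0 0.0.0.0 100.100.100.2 1
route backup-isp 0.0.0.0 0.0.0.0 200.200.200.2 2
"""

def parse(config):
    """Return ({vlan_id: {"nameif", "backup"}}, {nameif: default-route metric})."""
    vlans, metrics, cur = {}, {}, None
    for raw in config.splitlines():
        line = raw.split("# ", 1)[-1].strip()  # drop an ASA prompt if present
        if m := re.fullmatch(r"interface vlan\s*(\d+)", line, re.I):
            cur = vlans.setdefault(int(m[1]), {})
        elif line.lower().startswith("interface "):
            cur = None  # physical port, not a VLAN interface
        elif cur is not None and (m := re.fullmatch(r"nameif (\S+)", line)):
            cur["nameif"] = m[1]
        elif cur is not None and (m := re.fullmatch(r"backup interface vlan\s*(\d+)", line, re.I)):
            cur["backup"] = int(m[1])
        elif m := re.fullmatch(r"route (\S+) 0\.0\.0\.0 0\.0\.0\.0 \S+(?: (\d+))?", line):
            metrics[m[1]] = int(m[2] or 1)  # ASA uses metric 1 when omitted
    return vlans, metrics

def audit(config, primary="primary-isp", backup="backup-isp"):
    """Return findings; an empty list means the failover design described holds."""
    vlans, metrics = parse(config)
    vlan_of = {v.get("nameif"): vid for vid, v in vlans.items()}
    findings = [f"no VLAN interface named {n}" for n in (primary, backup) if n not in vlan_of]
    findings += [f"no default route via {n}" for n in (primary, backup) if n not in metrics]
    if primary in metrics and backup in metrics and metrics[backup] <= metrics[primary]:
        findings.append("backup route metric must be higher than the primary's")
    if primary in vlan_of and backup in vlan_of:
        if vlans[vlan_of[primary]].get("backup") != vlan_of[backup]:
            findings.append(f"{primary} lacks 'backup interface vlan {vlan_of[backup]}'")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "dual-ISP failover config is consistent")
```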
