I have my ASA 5505 connected via the outside interface to the main ISP router (as in the picture), and it has a primary route to the IP of the ISP router.
I've also set up another DLINK router that is connected by its WAN port to the ISP router and by its LAN to port 7 of the Cisco ASA 5505.
Even though I've made the primary default route on my Cisco ASA 5505 point to the ISP router, and the secondary to the DLINK router, if the outside interface link of the ASA fails, the routes do not pass through the DLINK router.
So the PC fails to get internet access, but I can successfully ping the internet from the Cisco ASA, from the CLI or ASDM.
Where is the problem?
With the gateway of the PC?
If you are trying to use the Dlink as a backup connection to the internet, you should not have it connected to the inside of your 5505, as you are bypassing the security that is in place with the 5505. I would move the Dlink to the outside of the ASA.
How are you planning to set up the routing between the devices?
I've set up this scenario just for testing/learning purposes, and it did not work!
So you mean that I have to connect the DLINK to the OUTSIDE interface of the ASA 5505?
I'll give it a try today, and I will tell you!
You can set up two interfaces on the 5505 on the outside VLAN, one for each router. You can then set up static routes and use Tracking to monitor the circuit being up or down. Check out Configuring Static Route Tracking at http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ip.html#wp1090243
Ok Darren, thank you for your advice.
I'll configure ports 0 and 1 to the OUTSIDE interface, right?
And connect e0 to the ISP router and e1 to the DLINK router.
I'll try tonight, and I'll do the configuration via ASDM (it is the same thing, right?)
Yes, that should work, just follow the document in the link above.
I tried with these 3 devices, but I could not connect two interfaces of OUTSIDE (I've put port 0 and port 1 in the outside VLAN).
I doubt I need another router to connect from ASA e0 to DLINK, from DLINK to a 4th router, and this to the ISP router, right?
You do not need another router.
Can you please post a copy of your configuration on the ASA. Start by posting the output from: show route and from sh run interface.
Also post the IP addresses that are assigned to your two routers both inside and outside addresses.
Did you set up tracking on the outside interfaces? Per my earlier post?
How can I enter the 3rd device?
What IP address could I use for it?
I think this is impossible, because for my DLINK router the LAN & WAN IP addresses must be on the same subnet as the ISP LAN subnet, which is 10.1.1.0/24. Also, my Cisco ASA 5505 outside VLAN has an IP in this subnet, and its IP address is 10.1.1.99.
So I need a 4th router after the DLINK, which will be in the middle between the DLINK and the ISP router.
I hope I'm clear and I'm right.
OK, here is how I would do it. I would assign 2 separate networks to the outside (which is how the 2 ISPs will supply it). So for the 1 router I would give the inside address 10.0.1.1/24 and the interface it connects to on the ASA to 10.0.1.2/24, for router 2 I would give the inside address of 10.0.2.1/24 and the ASA interface 10.0.2.2/24. The outside interfaces of the routers can connect together say on network of 172.16.1.0/24.
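You can then set 2 default routes as below:
! Probe router 1's inside address through the "outside" interface
sla monitor 1
 type echo protocol ipIcmpEcho 10.0.1.1 interface outside
sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
! The ASA route command takes the egress interface name first.
! "backup" is an assumed name for the second outside-facing interface.
route outside 0.0.0.0 0.0.0.0 10.0.1.1 1 track 1
route backup 0.0.0.0 0.0.0.0 10.0.2.1 100
Then you can test by doing: show track and show sla monitor config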
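The design from this post written out as a fuller ASA 7.2-style configuration, as an added example that is not part of the original post: both uplinks terminate on outside-facing interfaces, so traffic that fails over still crosses the firewall. The VLAN numbers, the name `backup`, the probe timers and the NAT lines are assumptions, an `inside` interface is assumed to exist already, and the unit is assumed to be allowed a third VLAN.

```cisco
! Added example. Addresses 10.0.1.x and 10.0.2.x are the ones proposed in the post.
! Assumed: VLAN 2/3 numbering, nameif "backup", Ethernet0/0 and 0/1 as the uplink ports.
interface Vlan2
 nameif outside
 security-level 0
 ip address 10.0.1.2 255.255.255.0
!
interface Vlan3
 nameif backup
 security-level 0
 ip address 10.0.2.2 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 3
!
! Probe router 1 through the primary interface. Timers are assumed values:
! 3 echoes every 10 seconds, each timing out after 1000 ms.
sla monitor 1
 type echo protocol ipIcmpEcho 10.0.1.1 interface outside
 num-packets 3
 timeout 1000
 frequency 10
sla monitor schedule 1 life forever start-time now
!
track 1 rtr 1 reachability
!
! The primary default route is removed while track 1 is down, which lets
! the floating route (administrative distance 100) take over.
route outside 0.0.0.0 0.0.0.0 10.0.1.1 1 track 1
route backup 0.0.0.0 0.0.0.0 10.0.2.1 100
!
! Inside hosts need a translation on whichever uplink is active
! (assumed PAT to the interface address on both).
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
global (backup) 1 interface
```

Because the probe targets 10.0.1.1, the tracked route only reacts when that router or the link to it stops answering; a failure further upstream is not seen by this monitor.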
Don't forget, I've only a Cisco ASA 5505 with basic license BUN-K9.
You mean I have to create a 3rd VLAN (besides the INSIDE and OUTSIDE)?
I think the device could not offer me this.
Sorry Erind, you are correct... The 5505 with basic license cannot do this.
I don't think you can do this without a 3rd router... unless anyone else has an idea.
I think I could do it with 3 routers and my ASA 5505.
Look, this is my idea:
R1 - ISP
WAN - DHCP from ISP
LAN - 10.1.1.1/24
R2 - After ISP
WAN - 10.1.1.2
LAN - 10.2.2.2
R3 - Between R2 and ASA 5505
LAN 10.1.1.3 (the same subnet as ISP Router)
CISCO ASA 5505
Ports 0 and 1 to VLAN OUTSIDE
IP of OUTSIDE VLAN 10.1.1.99/24
LAN (not changed 172.16.1.1)
Port 0 of ASA will be connected directly to Router 1 of ISP
Port 1 of ASA will be connected to LAN of R3
Then I'll add the default route with SLA to R3 (I will monitor 10.1.1.3, the IP address of the 3rd router).
And the backup of this route will be directed to the ISP router at 10.1.1.1.
I hope and think that this configuration is OK, right?
I was thinking that you could hook R3 to the outside of the ASA (R3 would have to have 3 interfaces), so interface 1 would connect to the outside of the ASA, interface 2 would connect to the inside of R1 and interface 3 would connect to the inside of R2. R1 would connect to the first ISP on its outside interface, R2 would connect to the second ISP on its outside interface. Routing on R3 would handle where to send traffic based on a routing protocol or, less desirable, with static routes.
I don't quite understand your configuration above. Where was the WAN interface of R2 going to connect to? You have 5505 -> R3 -> R2
and 5505 -> R1 -> ISP