
Cisco 1811 Dual WAN configuration and do I still need ISA 2004


  • Cisco 1811 Dual WAN configuration and do I still need ISA 2004

    Currently have 100 user environment with Exchange 2003, Outlook web access, web and FTP servers using ISA 2004 for the firewall.
    We are adding a second ISP for reliability and speed. ISA 2004 or 2006 does not support dual WAN interfaces. I will have a cable modem with 13 fixed IP addresses and currently have a T1 with 5 fixed IPs.
    I have a Cisco 1811 but need to know how to configure the load balancing and failover (the built in wizards do not do this part).
    Can I eliminate the ISA server? The 1811 seems like the firewall is just as capable.
    I was planning on using 3 different internal networks: users and servers, a DMZ for FTP and Web servers, and a management network for the server management cards.
    Will Microsoft PPTP VPN still work through the 1811?
    I have searched the site for configuration help and looked at the articles but I only see pieces of what I think I need.

    Thanks in advance

  • #2
    Re: Cisco 1811 Dual WAN configuration and do I still need ISA 2004

    Do you want to load-balance the links or do you want to use the ADSL as primary with the T1 as a fail-over?

    To load-balance, all you need to do is configure two default routes, one pointing to the ADSL interface and one pointing to the T1 interface. This will provide per-destination load balancing, but if you want per-packet load balancing you will need to enable process switching.

    To use the ADSL as primary and T1 as a fail-over, just configure a default route to the ADSL interface and a floating default route to the T1 interface.

    If you are only using the ISA as a firewall then you do not need it as you can configure secure Content Based Access Control lists (CBAC). If you are using the latest IOS version then you can look at using the new IOS Zone Based firewall. This will allow you to configure your inside, outside and public security zones.
    Infrastructure Architect
    CCNA, CCNA Security, MCSE, JNCIS



    • #3
      Re: Cisco 1811 Dual WAN configuration and do I still need ISA 2004

      The ADSL is actually cable broadband, 12 meg down and 3 meg up. I will likely just use failover as the T1 is only 1.5 meg and it will be downgraded to an ADSL 1.5 meg line when the contract is up. I am a Cisco newbie so I am looking for sample configs I can load and test with to get this working before I actually do the swing and go live. I assume I need to add the MX records to both ISPs and weight the primary one accordingly.



      • #4
        Re: Cisco 1811 Dual WAN configuration and do I still need ISA 2004

        You have an 1811 series router so I guess that you will be using the 10/100 Ethernet WAN interfaces. In this case you will need to configure the static routes to point to the next-hop address as opposed to the interfaces:

        A static route config is done as follows:

        Router(config)# ip route <destination> <subnet mask> <next-hop address>

        To configure a primary route and a floating you will need:

        Router(config)# ip route 0.0.0.0 0.0.0.0 <next-hop address_ISP1>
        Router(config)# ip route 0.0.0.0 0.0.0.0 <next-hop address_ISP2> 10

        With regard to the MX records, yes, that would be OK.
        Infrastructure Architect
        CCNA, CCNA Security, MCSE, JNCIS
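
The primary-plus-floating default route from post #4, written out as an added example (not part of the original posts) and extended with IP SLA tracking, because a next-hop static route on an Ethernet WAN port stays installed while the port is up, even when the ISP behind the modem is unreachable. Assumptions: IOS 15.x command syntax (12.4 mainline spells these `ip sla monitor 1`, `type echo protocol ipIcmpEcho` and `track 1 rtr 1 reachability`), ISP1 on FastEthernet0, ISP2 on FastEthernet1, and constructed addresses from the RFC 5737 documentation ranges.

```cisco
! Constructed example: every address below is a documentation-range
! placeholder; substitute the values assigned by each ISP.
!
interface FastEthernet0
 description ISP1 primary
 ip address 203.0.113.2 255.255.255.240
!
interface FastEthernet1
 description ISP2 backup
 ip address 198.51.100.2 255.255.255.248
!
! Probe the ISP1 gateway every 10 seconds, sourced from the ISP1 port
! so the probe cannot leave through the backup link.
ip sla 1
 icmp-echo 203.0.113.1 source-interface FastEthernet0
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Track object 1 follows the probe. The delays damp flapping:
! 10 s of failed probes before going down, 30 s of success before up.
track 1 ip sla 1 reachability
 delay down 10 up 30
!
! Primary default route: installed only while track 1 is up.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
!
! Floating default route: the trailing 10 is the administrative
! distance. It is higher than the static default of 1, so this route
! enters the routing table only after the primary is withdrawn.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10
!
! Checks to run from exec mode before and after unplugging ISP1:
!   show track 1
!   show ip sla statistics 1
!   show ip route 0.0.0.0
```

Probing only the ISP1 gateway detects a dead modem or hand-off but not an outage further upstream; pointing the probe at a host beyond the gateway requires a host route for that address via ISP1 so the probe still tests the primary path.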
