Dual WAN link ER605v2 Cisco ASA 5520

2023-05-31 08:59:15
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: v2

There is an old post on this, but I am not able to find the answer in question. I will have two ISP WAN connections; from this I am trying to link the ASA 5520, which has three interfaces: Outside (connection of single ISP), Inside (connection of all VLAN HP switch), and DMZ VLAN for hosted web servers (inside traffic).

 

I can configure the WANs with no issues, but I am trying to understand that one of the LAN ports (4) would need to direct back to the Outside interface of the ASA.

 

 

Here is what I am trying to cover, but when I make a link from LAN Port 4 to the Outside interface on the ASA 5520 it pings, but when I cover a test route it does not complete in the desired number of hops. I have tried Add Route, but some options are not that clear.

 

The LAN port does require a VLAN tag, and I used 2 for this as it does not exist on my existing network and I did not want conflicts, and in itself it is not seen on the existing LAN.

 

Please, if anyone has covered this, could you provide details with DIA or point to any YouTube video that has done a like connection on a main core router.

 

 

Does TP-Link have any supporting documentation? I work within a school and hope to pass this information on further to other schools, UK based.

 

 

Thanks for your support.

 

 

#1
Re: Dual WAN link ER605v2 Cisco ASA 5520
2023-05-31 13:40:11 - last edited 2023-05-31 18:37:54

  @Freddo 

If I understand you correctly, you want to use an ER605 in front for WAN failover. Isn't it easier with WAN failover on Cisco ASA?

 

#2
Re: Dual WAN link ER605v2 Cisco ASA 5520
2023-05-31 20:12:05 - last edited 2023-05-31 20:30:16

  @shberge

 

The Cisco ASA 5520 can do failover, but I have in line two ISP 1GB links that I wish to load balance; I mentioned this on the dia, not in my statement. My thinking is that the ASA sees the Outside as a link. I have been looking over our existing ASA, working on one ISP, to understand more; you can enable DNS on interfaces that may need to resolve.

 

Routing should work as it should be no more than an internal vlan switch placed internal.

 

I hope to use the tools (traceroute, ping) from one interface to the other to see where it fails.

 

What I do not understand is the setting of interfaces:

 

outside 0.0.0.0   0.0.0.0  IP address for ISP

 

when I try to create another interface

 

VMoutside 0.0.0.0   0.0.0.0 ip address from Virgin Media.

 

it fails on configuration saying conflict on other interface.

 

I need to check whether this was used elsewhere on the Cisco ASA; I looked but could not find any other reference.

 

But in this post you can configure interfaces with  0.0.0.0   0.0.0.0 

 

ASA/PIX 7.x: Redundant or Backup ISP Links Configuration Example - Cisco

 

As here using track as failover

 

!--- NAT Configuration for Outside and Backup
route outside 0.0.0.0 0.0.0.0 10.200.159.1 1 track 1
!--- Enter this command in order to track a static route.
!--- This is the static route to be installed in the routing
!--- table while the tracked object is reachable. The value after
!--- the keyword "track" is a tracking ID you specify.
route backup 0.0.0.0 0.0.0.0 10.250.250.1 254

think the track is missing on 254

 

 

 

 

 

#3
Re: Dual WAN link ER605v2 Cisco ASA 5520
2023-06-01 05:11:01

  @Freddo 

 

Cisco ASA doesn't have load balancing. I don't know if it works that well on TP-Link either, but I don't understand why you want to set up failover on Cisco ASA if you're going to use the ER605 as a load balancing router. Can't you just connect Outside on Cisco to Inside on TP-Link?

As I see it, there is not much to do on the Cisco ASA; you just have to make sure that the ASA and ER605 can communicate from the Outside interface to the Inside on the ER605.

And ER605 will handle the load balancing.

If you are only going to have failover wan, it is better to use only Cisco ASA, it has faster and better failover than ER605

 

#4
Re: Dual WAN link ER605v2 Cisco ASA 5520
2023-06-01 08:05:08 - last edited 2023-06-01 08:07:08

  @shberge 

 

That is correct, I want the TP ER605 to cover load balancing and leave the ASA 5520 as is. I am working on the spare ASA and trying the interface from the Outside - TP-Link LAN on a subnet with only two hosts.

 

Use one subnet from this selection, will see what gives.

 

172.16.50.0/31

 

172.16.50.14   172.16.50.15

                        172.16.50.14

 

#5
Re: Dual WAN link ER605v2 Cisco ASA 5520
2023-06-01 08:28:17

  @Freddo 

 

If you use a /31 mask, 172.16.50.14 and 172.16.50.15 are only the network and broadcast addresses; try /27 (255.255.255.224).

 

#6
Re: Dual WAN link ER605v2 Cisco ASA 5520
2023-06-06 21:39:38 - last edited 2023-06-06 21:47:30

ASA - ER605 link  @shberge 

Managed to get a connection working from ASA 5520 to ER605 > Internet 

 

In the image you can see on LAN port 4 on ER605 goes to OutSide interface on ASA green cable port 0 and Inside ASA port 1 goes to internal network. (HP Core - HP Switch ) 

 

But I get an error on DNS from a connection on the inside from the ASA, but if I connect the laptop it picks up DHCP on VLAN 2 and shows a result from nslookup www.google.com

 

The inside ASA interface can ping 8.8.8.8, but on the host it fails with host unknown and nslookup fails on time out.

 

It's an issue on DNS reverse lookup; as this is a test of concept, the ASA does not have internal Windows DNS as on the live production site.

#7
Re: Dual WAN link ER605v2 Cisco ASA 5520
2023-06-07 04:31:45 - last edited 2023-06-07 06:08:39

Have you configured DNS on your ASA? Try pinging something with a name from the console on your ASA

 

or configure ASA dns with this command

 

dns domain-lookup outside
dns server-group DefaultDNS
  name-server 1.1.1.2

 

My account is migrated, but I'm /shberge with a new name :-)

#8
Re: Dual WAN link ER605v2 Cisco ASA 5520
2023-06-07 10:56:25

  @MR.S 

 

I do have DNS configured on the ASA, but I did a check over our production site: it hits our internal Windows DNS server to resolve and reverse lookup. On my test ASA I added 1.1.1.2 plus 8.8.8.8 on Outside.

 

But this does not resolve traceroute on ASA under tools.

 

Oh interesting when I specify www.google.com on our production with Outside it does the same

 

But add 1.1.1.2 on production ASA and this now resolves.

 

Then on the test ASA something is wrong. I did think it's port 53 but cannot see how.

 

On the ER605, would I need a static route configured?

 

It's mad for me, as you can ping 8.8.8.8 from the Outside interface on the test ASA.

 

 

 

 

 

 

#9
Re: Dual WAN link ER605v2 Cisco ASA 5520
2023-06-07 11:36:41

  @Freddo 

 

I don't know, there is probably something wrong with the ASA configuration. Have you tried the Cisco forum? :-)
I did a trace here but I don't have an ER605 in front..

 

I have this software version on this ASA

 

 

 

 

#10
Re: Dual WAN link ER605v2 Cisco ASA 5520
2023-06-07 15:36:35

  @MR.S 

 

 

What version are you on with your ER605? When using subnet mask 255.255.255.248 it did not like the entry for DNS and complained with a red error mark; I think it said broadcast address. However, if you place 255.255.255.0 it allows DNS of 8.8.8.8.

 

I live in the UK and am asking: should I update the firmware? It's Version 2.0 on the ER605, but I looked on their support site and it does not show a download.

 

 

Found version 2.6, but from another country, and it states it may not work.

 

I do not like giving up on what should be a simple routing, and Cisco always want to ask for support contracts, which I think expired with the tide.

 

Thanks for your support. I did try the packet test on the ASA and that worked. I placed my laptop back on Port 4 LAN and it's failing once more on DNS, but not on Port 5 LAN; I want to keep that separate for access to the ER605 for restore or the like.

 

what a pain but thanks for your support and help

#11
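
The two addressing points raised in the thread (172.16.50.14 and 172.16.50.15 under a /31 mask in posts #5 and #6, and the DNS entry 8.8.8.8 being rejected with mask 255.255.255.248 in post #11) can be checked with the classic network/broadcast rule. This is an added example, not code from any poster, TP-Link or Cisco; the function names are hypothetical, and it assumes a device that reserves the all-zero and all-one host addresses (no RFC 3021 /31 support) and that applies the interface mask to the address it validates, neither of which the thread confirms.

```python
import ipaddress

def role(addr, mask):
    """Classic (non-RFC 3021) role of addr under mask: host bits all
    zero = 'network', all one = 'broadcast', anything else = 'host'."""
    iface = ipaddress.ip_interface(f"{addr}/{mask}")
    net = iface.network
    if net.prefixlen == 32:
        return "host"
    if iface.ip == net.network_address:
        return "network"
    if iface.ip == net.broadcast_address:
        return "broadcast"
    return "host"

def classic_usable(mask):
    """Assignable addresses once network and broadcast are reserved."""
    net = ipaddress.ip_network(f"0.0.0.0/{mask}")
    return max(net.num_addresses - 2, 0)

def smallest_subnet_for(addrs):
    """Smallest subnet in which every listed address is a usable host."""
    for prefix in range(30, -1, -1):
        net = ipaddress.ip_interface(f"{addrs[0]}/{prefix}").network
        if all(ipaddress.ip_address(a) in net
               and role(a, prefix) == "host" for a in addrs):
            return net
    raise ValueError("addresses cannot share a subnet as hosts")

if __name__ == "__main__":
    # Addresses and masks quoted in the thread
    link = ["172.16.50.14", "172.16.50.15"]
    for mask in ("31", "255.255.255.224"):
        print(mask, [(a, role(a, mask)) for a in link],
              "usable:", classic_usable(mask))
    print("smallest subnet with both as hosts:", smallest_subnet_for(link))
    for mask in ("255.255.255.248", "255.255.255.0"):
        print("8.8.8.8 with", mask, "->", role("8.8.8.8", mask))
```

Under 255.255.255.248 the address 8.8.8.8 has all-zero host bits, so a validator that applies the mask to the DNS field would reject it, while 255.255.255.0 leaves it a normal host address.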