Home

Forums

Stories

Knowledge Base

Business Community > Routers > Duel WAN link ER605v2 Cisco ASA 5520

< Routers

Duel WAN link ER605v2 Cisco ASA 5520

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Duel WAN link ER605v2 Cisco ASA 5520

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Freddo

2023-05-31 08:59:15

Posts: 12

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2023-05-31

Duel WAN link ER605v2 Cisco ASA 5520

2023-05-31 08:59:15

Model: ER605 (TL-R605)

Hardware Version: V2

Firmware Version: v2

There is an old post on this but not able to find the answer in question, i will have two ISP WAN connections from this I am trying to link the ASA 5520 that has three interfaces Outside (connection of single ISP) Inside (connection of all VLAN HP switch), DMZ VLAN for Hosted Web Servers (inside traffic).

I can configure the WANS with no issues but trying to understand that one of the LAN ports (4) would need to direct back to the Outside Interface of ASA

Here is what I am trying to cover, but when I make a link from LAN Port 4 to Outside Interface on the ASA 5520 it pings but when I cover a test route it does not complete in the desired number hops, I have trued to Add Route but some options are not that clear.

The LAN port does require a VLAN tag and used 2 for this as it does not exist on my existing network and did not want conflicts and in it self is not seen on Existing LAN

Please if any one has covered this could you please provide details with DIA or point to any YouTube video that has done alike connection on main core router.

Does TP-Link have any supporting documentation, I work within a school and hope to pass this information on further to other schools UK based.

Thanks for your support.

24 Reply

MR.S

LV5

2023-06-21 12:03:44

Posts: 2121

Helpful: 769

Solutions: 268

Stories: 0

Registered: 2018-08-17

Re:Duel WAN link ER605v2 Cisco ASA 5520

2023-06-21 12:03:44

@Freddo

yes it looks very similar to what I did in my first test.
but I see you use 165.50.25.x this is not a private IP you should change it to 10.50.25.x or another IP that is private. Private IPs are in this range.

RFC1918 Subnets

The RFC1918 address space includes the following networks:

10.0.0.0 – 10.255.255.255 (10/8 prefix)
172.16.0.0 – 172.31.255.255 (172.16/12 prefix)
192.168.0.0 – 192.168.255.255 (192.168/16 prefix)

#22

Freddo

LV1

2023-06-21 13:59:18

Posts: 12

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2023-05-31

Re:Duel WAN link ER605v2 Cisco ASA 5520

2023-06-21 13:59:18

@MR.S

Well spotted what was I doing on this, need to change over to private that will otherwise conflict with the out side world. Thanks for this was doing subbetting online must have had a melt down.

#23

MR.S

LV5

2023-06-21 18:13:24

Posts: 2121

Helpful: 769

Solutions: 268

Stories: 0

Registered: 2018-08-17

Re:Duel WAN link ER605v2 Cisco ASA 5520

2023-06-21 18:13:24

@Freddo

#24

Freddo

LV1

2023-06-23 12:04:11

Posts: 12

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2023-05-31

Re:Duel WAN link ER605v2 Cisco ASA 5520

2023-06-23 12:04:11

@MR.S

I changed the bridge IP address to private, have a main issue live at present in testing but our web site on SSN(DMZ) on the Cisco ASA shown on the dia in black line to port on HP Core, this is on Subnet 172.16.40.1 the server IP address 172.16.40.29

The problem its IP address

185.175.114.150 does not route on the ASA 5515 from outside, expect this is the nat rules that are broke.

I tried to see if NAT to NAT or DMZ Nat could this be where I use forward packet rules on ER8411

Looking over the manuals it relates to internal server on your network but this is routing from the ASA

ruled out port tigering as traffic is on 443 from different servers.

Would I need to change a NAT rule on the ASA to get this to work translate from WAN/LAN Port 4 185.175.114.150 LAN on 8411 172.30.20.1 > Server IP 172.16.40.29

virtual servers do not make much sense would be good if they provided, some

We have another issue on application using RDP to server this is another one I need to get my head around, do not mind changing NAT rules on the ASA but need understanding of its routing.

Maybe a static routing needs to be done.

Nat Rule

172.16.40.1

interface WAN/LAN4

Ping web server from LanTrinity

172.16.40.1 or 29 Server Web IP

When I cover a ping from LANTrinity to 172.16.40.1 (GW) it replies - with rule NAT to NAT

If i change this to server 172.16.40.29 it replies on ping diagnostics on the ER8411 Nat to NAT

This is being translated on the Cisco as

SSN - Outside 172.16.40.29 any any 185.175.114.150 original

outside - SSN any 185.175.114.150 any original 172.16.40.29

#25

Duel WAN link ER605v2 Cisco ASA 5520

Duel WAN link ER605v2 Cisco ASA 5520

RFC1918 Subnets

Information

Voters 0

Tags