How to split different LAN segments across two ISP services

Hi Forum,
I have a doubt about how to implement a new scenario.
My customer has a 5520 firewall (with four interfaces) running the following version:
ASA Version 8.2(5), and its configuration is:
interface GigabitEthernet0/1
 nameif lan1
 security-level 50
 ip address 192.168.1.1 255.255.255.0
interface GigabitEthernet0/2
 nameif lan2
 security-level 100
 ip address 192.168.2.1 255.255.255.0
interface GigabitEthernet0/0
 description ISP1
 nameif outside
 security-level 0
 ip address a.b.c.252 255.255.255.248
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list Public_access_in extended permit icmp any any
access-list ACL-RED-VPN extended permit ip 192.168.2.0 255.255.255.0 192.168.112.0 255.
access-list ACL-INSIDE-NONAT extended permit ip 192.168.2.0 255.255.255.0 192.168.112.0
icmp permit any outside
icmp permit any inside
global (outside) 1 interface
nat (inside) 0 access-list ACL-INSIDE-NONAT
nat (lan1) 1 192.168.1.0 255.255.255.0
nat (lan2) 1 192.168.2.0 255.255.255.0
static (lan2,outside) tcp a.b.c.253 8080 192.168.2.11 8080 netmask 255.255.255.255
static (lan2,outside) tcp a.b.c.253 8081 192.168.2.13 8081 netmask 255.255.255.255
access-group Public_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 a.b.c.249 1
crypto ipsec transform-set ESP-AES128-SHA esp-aes esp-sha-hmac
! The rest is omitted
So, the LAN segments (192.168.1.0/24 and 192.168.2.0/24) go out to the Internet through the outside interface, and I have also set up a VPN between our side and the remote LAN site (192.168.112.0/24).
Now, my customer wants to add a new LAN segment (for example 192.168.3.0/24) and has recently purchased a new service from an ISP.
He wants this new LAN segment to leave through the new ISP, and possibly a new VPN between this new segment and another site will appear.
In summary:
The old configuration is not going to change.
The new LAN, 192.168.3.0/24, must go to the Internet using the second ISP service, z.y.x.194 255.255.255.248.
What changes must I make on interface G0/3?
I suppose that I must create subinterfaces on interface G0/3, like this:
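! line 1
! parent interface only carries the 802.1Q trunk: no nameif, no address
interface GigabitEthernet0/3
 no nameif
 no security-level 0
 no ip address
 no shutdown
! line 2
interface GigabitEthernet0/3.100
 vlan 100
 nameif lan3
 security-level 50
 ip address 192.168.3.1 255.255.255.0
! line 3
interface GigabitEthernet0/3.200
 vlan 200
 nameif outside2
 security-level 0
 ip address x.y.z.194 255.255.255.248
! line 4
! metric 250: installed only when the metric-1 default via "outside" is absent
route outside2 0.0.0.0 0.0.0.0 x.y.z.193 250
! line 5
! NAT id 2 pairs the lan3 subinterface from "line 2" with the outside2 pool
global (outside2) 2 interface
nat (lan3) 2 192.168.3.0 255.255.255.0
! line 6
! reuses the ACL already applied inbound on "outside"
access-group Public_access_in in interface outside2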
Also, the segment 192.168.2.x/24 must be able to access the other LAN segments (192.168.1.0/24 and 192.168.3.0/24).
Please correct me, or point me to any other reference I can look at.
Regards
ARGB
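
A proposal like the one above refers to interfaces by nameif in several statement types (nat, global, route, access-group), and on 8.2 the egress interface for Internet-bound traffic comes from destination route lookup. The following Python check is an added example, not part of the original post and not a Cisco tool: it audits a constructed 8.2-style sample for undefined nameif references, backup default routes, and NAT ids that have no global pool on the active egress interface. The function name `audit`, the sample addresses and the typo `outsde2` are assumptions made for the demonstration.

```python
import re

# Constructed sample modelled on the proposal in the post. Addresses are
# documentation ranges and "outsde2" is a deliberate typo for the demo.
SAMPLE = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.248
interface GigabitEthernet0/3.100
 vlan 100
 nameif lan3
 security-level 50
 ip address 192.168.3.1 255.255.255.0
interface GigabitEthernet0/3.200
 vlan 200
 nameif outside2
 security-level 0
 ip address 203.0.113.194 255.255.255.248
global (outside) 1 interface
global (outside2) 2 interface
nat (lan3) 2 192.168.3.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1
route outside2 0.0.0.0 0.0.0.0 203.0.113.193 250
access-group Public_access_in in interface outsde2
"""

# Statements that refer to an interface by its nameif (ASA 8.2 syntax).
REF_PATTERNS = [
    re.compile(r"^(?:nat|global) \(([^)]+)\)"),
    re.compile(r"^static \(([^,]+),([^)]+)\)"),
    re.compile(r"^route (\S+) "),
    re.compile(r"^access-group \S+ (?:in|out) interface (\S+)"),
    re.compile(r"^icmp (?:permit|deny) .* (\S+)$"),
]
DEFAULT_ROUTE = re.compile(
    r"^route (\S+) (?:0\.0\.0\.0|0) (?:0\.0\.0\.0|0) \S+(?: (\d+))?")
NAT_OR_GLOBAL = re.compile(r"^(nat|global) \(([^)]+)\) (\d+) ")


def audit(config):
    """Return a list of (kind, interface, detail) findings."""
    lines = [s.strip() for s in config.splitlines()]
    lines = [s for s in lines if s and not s.startswith("!")]
    nameifs = {s.split()[1] for s in lines if s.startswith("nameif ")}
    findings = []

    # 1. Every interface name a statement refers to must be a defined nameif.
    for s in lines:
        for pat in REF_PATTERNS:
            m = pat.match(s)
            for name in (m.groups() if m else ()):
                if name not in nameifs:
                    findings.append(("undefined-nameif", name, s))

    # 2. Only the lowest-metric default route is installed; others are backups.
    defaults = sorted((int(m.group(2) or 1), m.group(1))
                      for m in map(DEFAULT_ROUTE.match, lines) if m)
    if not defaults:
        return findings
    egress = defaults[0][1]
    for metric, ifc in defaults[1:]:
        findings.append(("floating-default", ifc,
                         f"metric {metric} loses to the default via {egress}"))

    # 3. Each dynamic NAT id (id 0 is exemption) needs a global pool on the
    #    interface Internet-bound traffic leaves by: the active default's.
    matches = [m for m in map(NAT_OR_GLOBAL.match, lines) if m]
    pools = {(m.group(2), m.group(3)) for m in matches if m.group(1) == "global"}
    for m in matches:
        if m.group(1) == "nat" and m.group(3) != "0":
            if (egress, m.group(3)) not in pools:
                findings.append(("nat-without-global", m.group(2),
                                 f"NAT id {m.group(3)} has no global on {egress}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

With the typo corrected, the two remaining findings describe the design question the post raises: destination-based routing sends 192.168.3.0/24 toward the metric-1 default on `outside`, where NAT id 2 has no pool.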

Hi MikhailovskyVV.
These are the versions of my device:
ASA> show version
Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(5)
I can download the following images "asa913-k8.bin" and "asdm-715.bin"
ASA# dir flash:
Directory of disk0:/
100    -rwx  15390720    11:59:42 Mar 13 2013  asa825-k8.bin
101    -rwx  16280544    15:11:44 Mar 13 2013  asdm-645.bin
102    -rwx  28672       19:00:00 Dec 31 1979  FSCK0000.REC
3      drwx  4096        19:03:10 Dec 31 2002  log
10     drwx  4096        19:03:22 Dec 31 2002  crypto_archive
11     drwx  4096        19:03:24 Dec 31 2002  coredumpinfo
104    -rwx  4096        19:00:00 Dec 31 1979  FSCK0001.REC
105    -rwx  12998641    15:07:10 Mar 13 2013  csd_3.5.2008-k9.pkg
106    drwx  4096        15:07:14 Mar 13 2013  sdesktop
107    -rwx  6487517     15:07:48 Mar 13 2013  anyconnect-macosx-i386-2.5.2014-k9.pkg
108    -rwx  6689498     15:07:56 Mar 13 2013  anyconnect-linux-2.5.2014-k9.pkg
109    -rwx  4678691     15:08:00 Mar 13 2013  anyconnect-win-2.5.2014-k9.pkg
255320064 bytes total (192139264 bytes free)
ASA# show version
Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(5)
Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"
ASA up 1 day 18 hours
Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
0: Ext: GigabitEthernet0/0  : address is e4d3.f112.0e9c, irq 9
1: Ext: GigabitEthernet0/1  : address is e4d3.f112.0e9d, irq 9
2: Ext: GigabitEthernet0/2  : address is e4d3.f112.0e9e, irq 9
3: Ext: GigabitEthernet0/3  : address is e4d3.f112.0e9f, irq 9
4: Ext: Management0/0       : address is e4d3.f112.0ea0, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5
Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 150
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
Security Contexts              : 2
GTP/GPRS                       : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 750
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled
This platform has an ASA 5520 VPN Plus license.
Serial Number: JMX171180JB
Running Activation Key: 0xe638dc68 0xf4a83e3e 0xcc129924 0xb180fcc0 0x0b190e9d
Configuration register is 0x1
Configuration last modified by enable_15 at 05:57:50.617 PEST Wed Feb 19 2014
ASA#
Can I upgrade directly from 8.2(5) to 9.1? (I know that the current configuration will be lost, and I also know that the configuration syntax is different between the versions, but this is not a problem for me, because I can reconfigure it very fast.)
My doubt is whether any license will be affected during the upgrade. As you can see, there are other files in the flash memory, some license-related features appear in the output of "show version", and the final line shows the message "This platform has an ASA 5520 VPN Plus license". My doubt is: after the upgrade (from 8.2 to IOS 9.1), will these features change? Will any license be affected?
The final objective is the following:
At this moment I have three LAN segments (for example lan1, lan2 and lan3) and two WANs (isp1 and isp2).
lan1 and lan2 leave via isp1, and there is a site-to-site VPN connection between lan1 and a different site. At this moment it is operating without any problem.
The problem is the third one, lan3, because it must use the second ISP, isp2; lan3 will also open a VPN with another site. I cannot meet this requirement with the 8.2 IOS version. This requirement is like PBR on a router.
Version 9.1 can handle this feature (PBR).
Please let me know.
Regards
Andres
