Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
668
Views
8
Helpful
6
Replies

ASA 5505 Dual-ISP, how??

onlyamdri
Level 1
Level 1

‎03-26-2007 09:38 AM - edited ‎03-11-2019 02:52 AM

Hi,

I have two DSL lines, and I want to use at the same time this ISP with a Cisco Firewall.

I have a Pix 501 but I think that is no possible to have 2 IP in the same Outside port.

Maybe with ASA 5505 is possible? How can I do it?

DSL-modem A----|................|---Server1...

.............................|---ASA--|

DSL-modem B----|................|---PC1...

Server1 use gateway DSL-modem A

PC1... use gateway DSL-modem B

A lot of thanks.

Labels:
0 Helpful
6 Replies 6

abinjola
Cisco Employee
Cisco Employee

‎03-26-2007 09:49 AM

policy based routing in not possible on ASA or PIX..so what you are trying to do is not possible here on ASA

onlyamdri
Level 1
Level 1
In response to abinjola

‎03-26-2007 10:07 AM

Thanks for the quick answer.

Which is the easy way to achieve the Dual-ISP protected with ASA?

Maybe 2 ASA and 1 router...

ISP A--ASA--|

......................|--Cisco Router--Internal Net

ISP B--ASA--|

0 Helpful

abinjola
Cisco Employee
Cisco Employee
In response to onlyamdri

‎03-26-2007 10:55 AM

well if you dont want to go for multiple context then you can certainly point the entire route to the router and then let router do policy based routing..let the router do natting as well

0 Helpful

abinjola
Cisco Employee
Cisco Employee

‎03-26-2007 10:07 AM

why dont you buy a cheap router and point the gateway for the FW to it...let the router do the PBR for you...how does it sound..?

0 Helpful

cpembleton
Level 4
Level 4

‎03-26-2007 10:16 AM

You could do it for with an ASA 5510 using multiple contexts. Would be cheaper to just buy another 501 and each DSL would have it's own firewall.

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_guide_chapter09186a0080636f9b.html

Could also put a router between your firewall and DSL modems and let it do the Policy based routing. Then you could configure it to fail over to the other DSL if the primary goes down.

http://www.cisco.com/en/US/customer/products/ps6599/products_white_paper09186a00800a4409.shtml

http://www.cisco.com/en/US/customer/tech/tk364/technologies_configuration_example09186a0080211f5c.shtml

Thanks,

Chad

Please rate if this helps!

onlyamdri
Level 1
Level 1
In response to cpembleton

‎03-27-2007 03:50 AM

I think that is the best solution:

a)Buy ASA 5510 (expensive).

b)Buy another Pix 501 (cheap).

Two ISP must work at the same time.

Thanks.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card