Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
502
Views
0
Helpful
4
Replies

ASA 5510 - dual ISPs

Go to solution
arjun.e343
Level 1
Level 1

‎10-18-2007 04:09 AM - edited ‎03-11-2019 04:27 AM

Dear All

i have ASA 5510 with Security Plus License (5 FE ports).

i want to terminate my two ISPs (one with Static public IP address and other with dynamic IP) in ASA 5510 and want to give IPSec VPN Connectivity for my remote users.

Is it possible to connect two different ISPs in a single box and route IPSec VPN user traffic thro a specific Link (Static Public IP Link) and rest of internet traffic through a different link.

Regards

Arjun

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jsteffensen
Level 1
Level 1

‎10-19-2007 06:34 AM

Hi Arjun

I believe it is not possible.

Normally you could create different contexts with different default gateways. If you add Policybased Routing on a Router behind the Firewall you could forward different traffic to the different Contextes, and thereby use two ISP's and select what kind of traffic should be sendt using which ISP. In this way you could separate the ISP-Traffic for example for HTTP, SMTP, FTP and so on.

But as soon as you create contexts IPSEC VPN is no longer supported.

So sorry

Regards

Jarle

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Collin Clark
VIP Alumni
VIP Alumni

‎10-18-2007 08:10 AM

In dual ISP mode, I believe that only one connection is "active" meaning that the firewall is routing out to that connection. I think you'll have to have two ASA's per your requirements above.

0 Helpful

Go to solution
jsteffensen
Level 1
Level 1

‎10-19-2007 06:34 AM

Hi Arjun

I believe it is not possible.

Normally you could create different contexts with different default gateways. If you add Policybased Routing on a Router behind the Firewall you could forward different traffic to the different Contextes, and thereby use two ISP's and select what kind of traffic should be sendt using which ISP. In this way you could separate the ISP-Traffic for example for HTTP, SMTP, FTP and so on.

But as soon as you create contexts IPSEC VPN is no longer supported.

So sorry

Regards

Jarle

0 Helpful

Go to solution
loizosko
Level 1
Level 1
In response to jsteffensen

‎04-15-2008 06:29 PM

i want to try do the dual isp in active active, using route maps. Has anyone done this?

i was able to do dual isp but in active failover mode. only if primary connection was down it would redirect traffic to the other line.

0 Helpful

Go to solution
alanajjar
Level 1
Level 1

‎04-16-2008 08:56 AM

Hi,

The easist way is to put a router in front of the ASA,and let the router make the load balance. If you use multiple context in ASA, you cannot use VPN, also you will create extra subnet.

regards

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card