10-18-2007 04:09 AM - edited 03-11-2019 04:27 AM
Dear All
I have an ASA 5510 with a Security Plus License (5 FE ports).
I want to terminate my two ISPs (one with a static public IP address and the other with a dynamic IP) on the ASA 5510 and want to give IPSec VPN connectivity to my remote users.
Is it possible to connect two different ISPs to a single box and route IPSec VPN user traffic through a specific link (the static public IP link) and the rest of the internet traffic through a different link?
Regards
Arjun
10-19-2007 06:34 AM
Hi Arjun
I believe it is not possible.
Normally you could create different contexts with different default gateways. If you add policy-based routing on a router behind the firewall, you could forward different traffic to the different contexts, and thereby use two ISPs and select what kind of traffic should be sent using which ISP. In this way you could separate the ISP traffic, for example for HTTP, SMTP, FTP and so on.
But as soon as you create contexts, IPSec VPN is no longer supported.
So sorry
Regards
Jarle
10-18-2007 08:10 AM
In dual ISP mode, I believe that only one connection is "active", meaning that the firewall is routing out to that connection. I think you'll have to have two ASAs per your requirements above.
04-15-2008 06:29 PM
I want to try to do dual ISP in active-active, using route maps. Has anyone done this?
I was able to do dual ISP, but in active failover mode. Only if the primary connection was down would it redirect traffic to the other line.
04-16-2008 08:56 AM
Hi,
The easiest way is to put a router in front of the ASA, and let the router do the load balancing. If you use multiple contexts in the ASA, you cannot use VPN; also, you will create an extra subnet.
regards