asa 5510 multiple isp

Unanswered Question
May 7th, 2008

I bought an asa 5510 with security plus. I have a bonded T I want to use for our VPN's and tunnels and such, our mail server, our web server, etc. But I also have a plain, cheap cable line I would like to use for updates, internet browsing, etc. Can this be done? My readings online are saying yes, you can make it support multiple gateways, but I can't find any solid help. Thanks in advance

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
didyap Tue, 05/13/2008 - 06:23

Yes, the ASA will allow multiple default gateways. However, there are a few catches:

If you have multiple default gateways that have been manually configured, like:

route outside 1

route outside 2

(two default gateways, and with distance metrics of 1 and 2 respectively)

then the ASA will *always* use the default gateway with the lower distance metric. The ASA will never use the default gateways with the high distance metrics.

For this to work you need a routing protocol that maintains the routing table in the ASA. For the ASA this means that you need to use the OSPFrouting protocol. The way this will work is that, when a route goes down, OSPF will remove the default gateway through that route, and the other default gateways will be used. When the route comes back up OSPF will re-add the route to the routing table.


This Discussion