07-24-2008 06:28 AM - edited 03-11-2019 06:19 AM
Hello Guys,
I have an ASA 5520 and want to know, but couldn't find any information, if I can use the ASA with 2 ISP connections. One ISP will be for my DMZ and VPN connections and the other one is for my normal internet traffic.
I can also think of configuring the links as backup for each other.
Any ideas?
07-24-2008 09:53 AM
07-25-2008 07:05 AM
You can't do it.
You can have two ISPs, but one of them will be sitting there just for backup purposes. The problem is that the ASA can't have 2 ISPs but can only handle one default route. So let's say, in your example, you want to set up the DMZ for incoming VPN connections. But you do not know what IP addresses these VPN connections will be coming from (SSL VPN, Cisco VPN Client). Also, you want all internet traffic to use the outside interface. In order to accomplish that you need two default static routes, and you can't do that.
One time I did that for a client, but the DMZ interface was used for point-to-point VPN tunnels, so my static default route was pointing to the ISP on the outside interface, and static routes for my VPN peers were pointing to the DMZ interface. Also, I had to add routes for the private ranges (across the VPN link) to the 2nd ISP as well. This works just fine.
Hopefully this helps you understand ASA with dual ISP.
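The routing layout described in the reply above, sketched as an ASA configuration fragment. This is an added example, not part of the original posts; the interface numbers, security levels, and every address (taken from documentation ranges) are assumptions.

```cisco
! Constructed example: addresses are documentation ranges, not from the thread.
! ISP 1 on "outside" carries general internet traffic.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.252
!
! ISP 2 on "dmz" carries only the point-to-point VPN tunnels.
interface GigabitEthernet0/1
 nameif dmz
 security-level 50
 ip address 203.0.113.2 255.255.255.252
!
! The single default route: anything not matched below leaves via ISP 1.
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1
!
! Host routes for the known VPN peers, so tunnel traffic uses ISP 2.
! This only works because the peer addresses are fixed and known in advance.
route dmz 192.0.2.10 255.255.255.255 203.0.113.1 1
route dmz 192.0.2.20 255.255.255.255 203.0.113.1 1
!
! Private ranges behind those peers must also point at ISP 2; otherwise the
! traffic to be encrypted follows the default route out of "outside".
route dmz 10.20.0.0 255.255.0.0 203.0.113.1 1
route dmz 10.30.0.0 255.255.0.0 203.0.113.1 1
```

`show route` on the ASA lists the resulting table, which should contain exactly one default route plus the more specific entries on the dmz interface.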