BGP on ASA

Answered Question
Aug 16th, 2008
User Badges:

I have two ASA 5520 running, if the main firewall fail it should fail over to the 2nd, I want to get a next ISP so if the 1st ISP fail it should fail over to the next ISP, I want to use BGP to route between ISP, do I have to get a router and put it before the two ASA or I can run BGP on the two ASA, so if one ISP fail it fail over to the next ISP and keep the same config that if one firewall fail it fail over to the next ASA?

Can any one help me out, I really don't want to buy a next router.

Correct Answer by Farrukh Haroon about 8 years 8 months ago

There isn't much benefit of using the BGP for 'just failover' unless you have the whole internet routing table and want to load balance or something. For two ISPs (with one as backup) you can use the procedure in the link provided by Marwan. The ASA does not support BGP at all. However you can make it pass through the ASA (if required).


Regards


Farrukh

Correct Answer by Marwan ALshawi about 8 years 8 months ago

if i think about BGP then u need a router


but have a look at the following link and try to use the idea in it in ur case

not ssure if it goona work with two ASAs


but check it out and good luck


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml


please, if hlepful rate

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.7 (3 ratings)
Loading.
Correct Answer
Marwan ALshawi Sat, 08/16/2008 - 18:17
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

if i think about BGP then u need a router


but have a look at the following link and try to use the idea in it in ur case

not ssure if it goona work with two ASAs


but check it out and good luck


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml


please, if hlepful rate

Correct Answer
Farrukh Haroon Sat, 08/16/2008 - 21:46
User Badges:
  • Red, 2250 points or more

There isn't much benefit of using the BGP for 'just failover' unless you have the whole internet routing table and want to load balance or something. For two ISPs (with one as backup) you can use the procedure in the link provided by Marwan. The ASA does not support BGP at all. However you can make it pass through the ASA (if required).


Regards


Farrukh

shanemcanuff Sun, 08/17/2008 - 07:27
User Badges:

Thx for your help, if I use this config, can I NAT two diff.. public IP to one server?

rgmarti25 Mon, 02/10/2014 - 15:15
User Badges:

Wondering if any of the latest ASA updates now allow the ASA5520 to support BGP?  How about the new ASA5525, will that support BGP?

Actions

This Discussion