ASA5505 02 ISP

Unanswered Question
Feb 18th, 2009
User Badges:

Hi,


I have to sugest a solution to my customer which can support 02 different ISPs simultaneously in active mode on ASA5505-SEC-BUN-K9. Is this solution possible.


Thanks & Regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
cdusio Fri, 02/20/2009 - 07:44
User Badges:
  • Bronze, 100 points or more

Yes although load balancing isn't supported multiple default routes are through object tracking.


aryancomputer Thu, 02/26/2009 - 03:01
User Badges:

Hi Thanks for your comment, it would be nice if you can explain more or give an example.


Thanks & Regards

aryancomputer Fri, 02/27/2009 - 05:24
User Badges:


Pls explain with an example, it would be really nice.


Thanks & Regards

aryancomputer Tue, 03/03/2009 - 00:28
User Badges:

Pls explain with an example, it would be really nice.


Thanks & Regards

isagonza Tue, 03/03/2009 - 09:56
User Badges:

Hello


First of all you can't have two ISP active at the same time in an ASA5505. This is because the ASA can only handle one default route.


The workaround would ony work whenever you know the destination you are looking for:


Lets assume this:


outside: 5.5.5.5 /27

inside: 10.10.10.0 /24

backup: 6.6.6.6/27


Interface backup is the secondary ISP


As default route you got:


route outside 0 0 5.5.5.6


for nat:


nat (inside) 1 0 0

global (outside) 1 interface


All unknown traffic from inside would use the default route and would be leaving through 5.5.5.6


The only way to force traffic out through the backup interface would be to know which destination you are looking for and force it through the secondary ISP


for example, adding a route like this:


route backup 200.0.0.0 255.0.0.0 6.6.6.7


All traffic meant to network 200.0.0.0/8 would leave through backup interface, using secodnary ISP. This is the only way to force traffic through a secondary ISP, and it will not create load balancing.


About previous reply of using object tracking that would be for using a Backup ISP. This means as soon as your primary ISP goes down, the secondary would take over:


https://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml


Cheers








Actions

This Discussion