dual ISP

Unanswered Question
Feb 16th, 2010

Hello, I need some help.

We have an ASA 5510 and now have 2 ISPs. I need to set it up so that ISP1 carries port 80 traffic and ISP2 all the other traffic.

Right now all the traffic runs on one ISP. Can you help me?

ASA Version 8.0(4)

Thomas

fulvio.pietrobo... Tue, 02/16/2010 - 05:04

Hi,

Even if you have 2 ISPs, the ASA must have one and only one default gateway. So even if you "static" your web servers to ISP1 IPs and other services to ISP2 addresses, there is no way to tell the ASA to route the traffic from web servers to the Internet via ISP1 and all the other via ISP2, since you cannot perform policy-based routing (route maps) on the ASA.

A solution could be to partition the ASA into two contexts so that you can have separate routing tables (but you can no longer close VPNs or perform dynamic routing).

Hope this helps.

Fulvio

Kureli Sankar Tue, 02/16/2010 - 18:27

Fulvio is right.

1. You cannot have two default routes on the ASA pointing to two different interfaces.

2. ASA doesn't support PBR.

What you can do is this.

1. Translate port 80 traffic to the ISP1 address.

2. Translate other ports to the ISP2 address.

3. Use a router on the outside to do PBR based on source address.

4. If the router sees the ISP1 address from the firewall, send via the ISP1 link.

5. If the router sees the ISP2 address from the firewall, send via the ISP2 link.

-KS
