
dual ISP

thomas.olsen
Level 1

Hello, I need some help.

We have an ASA 5510 and now have 2 ISPs. I need to set it up so that ISP1 carries port 80 traffic and ISP2 all the other traffic.

Right now all the traffic runs on one ISP. Can you help me?

ASA Version 8.0(4)

Thomas

2 Replies

Hi,

Even if you have 2 ISPs, the ASA must have one and only one default gateway. So even if you "static" your web servers to ISP1 IPs and other services to ISP2 addresses, there is no way to tell the ASA to route the traffic from web servers to the Internet via ISP1 and all the other via ISP2, since you cannot perform policy based routing (route maps) on the ASA.

A solution could be to partition the ASA in two contexts so that you can have separate routing tables (but you can no longer close VPNs or perform dynamic routing).

Hope this helps.

Fulvio

Fulvio is right.

1. You cannot have two default routes on the ASA pointing to two different interfaces.

2. ASA doesn't support PBR.

What you can do is this.

1. Translate port 80 traffic to ISP1 address

2. Translate other ports to ISP2 address

3. Use a router on the outside to do PBR based on source address.

4. If router sees ISP1 address from the firewall send via ISP1 link

5. If router sees ISP2 address from the firewall send via ISP2 link

-KS
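
The five steps in the reply above, sketched as configuration. This is an added example, not part of the original thread and not posted by either replier. It assumes outbound traffic from an inside network, the pre-8.3 NAT syntax used by ASA 8.0(4), and an IOS router between the ASA and both ISPs; every address, interface name, ACL name and route-map name below is constructed.

```cisco
! ---------- ASA 8.0(4): pick the translated source address by port ----------
! Constructed addressing: inside 192.168.1.0/24, ASA outside 10.255.0.2/30,
! 203.0.113.10 = address from ISP1, 198.51.100.10 = address from ISP2.
!
! Step 1: policy PAT, TCP/80 from inside leaves as the ISP1 address.
access-list WEB-OUT extended permit tcp 192.168.1.0 255.255.255.0 any eq www
nat (inside) 1 access-list WEB-OUT
global (outside) 1 203.0.113.10
!
! Step 2: regular PAT, everything else leaves as the ISP2 address.
! Policy NAT is evaluated before regular dynamic NAT, so port 80 never lands here.
nat (inside) 2 192.168.1.0 255.255.255.0
global (outside) 2 198.51.100.10
!
! The ASA keeps its single default route, pointing at the outside router.
route outside 0.0.0.0 0.0.0.0 10.255.0.1

! ---------- Outside IOS router: PBR on the translated source ----------
! Constructed next hops: ISP1 gateway 203.0.113.1, ISP2 gateway 198.51.100.1.
access-list 101 permit ip host 203.0.113.10 any
access-list 102 permit ip host 198.51.100.10 any
!
! Step 4: source is the ISP1 address, forward via the ISP1 link.
route-map ISP-SELECT permit 10
 match ip address 101
 set ip next-hop 203.0.113.1
! Step 5: source is the ISP2 address, forward via the ISP2 link.
route-map ISP-SELECT permit 20
 match ip address 102
 set ip next-hop 198.51.100.1
!
! Step 3: apply PBR on the interface facing the ASA.
interface FastEthernet0/0
 description Link to ASA outside
 ip address 10.255.0.1 255.255.255.252
 ip policy route-map ISP-SELECT
!
! Return traffic: send both translated addresses back to the ASA.
! Assumes each ISP delivers its address to this router.
ip route 203.0.113.10 255.255.255.255 10.255.0.2
ip route 198.51.100.10 255.255.255.255 10.255.0.2
```

To check the result, `show xlate` on the ASA shows which global address each connection was translated to, and `show route-map ISP-SELECT` on the router shows the policy-routing match counters for each clause.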
