ASA5520 - Can I utilize two Outside ports on different ISPs?

Unanswered Question
May 16th, 2010
User Badges:

Question:


We are in the process of migrating our ISP from two Sprint T1s to a 20Mb Fiber based connection. I have a new front end router(2911)  that will be in front of the ASA, and I have an empty interface on the ASA. Can I use both connections concurrently? I'm not trying to load balance or anything like that, and the new interface will have a new class C addresses. I want to be able to continue to use the T1s while I can slowly move services over to the new ISP and new interface on the ASA, and then eventually retire the original Outside interface for the T1s.


Is this possible? I figured that if I assign the interface the IP, setup the ACLs, and NATs, it would work, but I know that my default route, 0.0.0.0 is pointing to the IP of my router for my T1s.


Thanks in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
bryankrausen Sun, 05/16/2010 - 18:33
User Badges:

So would the suggestion to be make an all-in-one switch to the new ISP and public addresses?

Jennifer Halim Sun, 05/16/2010 - 18:42
User Badges:
  • Cisco Employee,

Absolutely.. either L3 switch or router is capable of routing via different link.

I assume that your public range is already currently assigned to the current ASA outside interface, right?

bryankrausen Sun, 05/16/2010 - 19:03
User Badges:

Yes I have IPs on my original Outside interface, and I will have a new

class C on this new interface.



On May 16, 2010, at 9:43 PM, "halijenn"

Jennifer Halim Sun, 05/16/2010 - 19:16
User Badges:
  • Cisco Employee,

Assuming that after configuring the new interface with the new IP, you will be moving the default gateway on the ASA from the existing outside, to the new interface, right?

Jennifer Halim Sun, 05/16/2010 - 18:10
User Badges:
  • Cisco Employee,

Unfortunately you can not have 2 default gateways concurrently pointing out from 2 different ASA interfaces. ASA is a stateful firewall, hence all traffic inbound and outbound should be symmetric, therefore, it can't have 2 default gateways pointing towards 2 different ASA interfaces.


Hope that answers your question.

Actions

This Discussion