ASA5520 - Can I utilize two Outside ports on different ISPs?

bryankrausen · ‎05-16-2010

Question:

We are in the process of migrating our ISP from two Sprint T1s to a 20Mb Fiber based connection. I have a new front end router(2911) that will be in front of the ASA, and I have an empty interface on the ASA. Can I use both connections concurrently? I'm not trying to load balance or anything like that, and the new interface will have a new class C addresses. I want to be able to continue to use the T1s while I can slowly move services over to the new ISP and new interface on the ASA, and then eventually retire the original Outside interface for the T1s.

Is this possible? I figured that if I assign the interface the IP, setup the ACLs, and NATs, it would work, but I know that my default route, 0.0.0.0 is pointing to the IP of my router for my T1s.

Thanks in advance.

Jennifer Halim · ‎05-16-2010

Unfortunately you can not have 2 default gateways concurrently pointing out from 2 different ASA interfaces. ASA is a stateful firewall, hence all traffic inbound and outbound should be symmetric, therefore, it can't have 2 default gateways pointing towards 2 different ASA interfaces.

Hope that answers your question.

bryankrausen · ‎05-16-2010

So would the suggestion to be make an all-in-one switch to the new ISP and public addresses?

Jennifer Halim · ‎05-16-2010

Absolutely.. either L3 switch or router is capable of routing via different link.

I assume that your public range is already currently assigned to the current ASA outside interface, right?

bryankrausen · ‎05-16-2010

Yes I have IPs on my original Outside interface, and I will have a new

class C on this new interface.

On May 16, 2010, at 9:43 PM, "halijenn"

Jennifer Halim · ‎05-16-2010

Assuming that after configuring the new interface with the new IP, you will be moving the default gateway on the ASA from the existing outside, to the new interface, right?