Two outside interfaces on an ASA 5505

Answered Question

Hi guys,


I'm not very familiar with the ASA 5505; on a base license, would the following configuration work? Can it act as an edge device for two ISP networks?



interface Ethernet0/0
 nameif ISP1
 security-level 0
 ip address 1.1.1.1 255.255.255.252
!
interface Ethernet0/1
 nameif ISP2
 security-level 0
 ip address 2.2.2.1 255.255.255.252
!
interface Ethernet0/2
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0


Thanks in advance


- Joe


Correct Answer
Jennifer Halim Sat, 06/19/2010 - 01:07
User Badges: Cisco Employee

Unfortunately, you would need a Security Plus license on the ASA 5505 for a backup ISP connection.

Correct Answer
Jennifer Halim Mon, 06/21/2010 - 03:27
User Badges: Cisco Employee

I just double-checked that all Security Base license appliances support dual ISPs, including the ASA 5505.

With the ASA 5505 Base license, you need to be aware that it can only have 2 unrestricted zones, which normally would consist of 1 inside and 1 outside zone, plus 1 restricted zone, i.e. that zone can't access one other zone, but that other zone can access it.


Example:

Inside and outside would be the unrestricted zones.

Backup outside would be the restricted zone. I believe you can configure the outside interface as the restricted zone, while the other 2 interfaces are unrestricted. So on the backup outside interface, you would configure "no forward interface vlan "


Here is the URL for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/int5505.html#wp1051819
