ASA FIREWALL CONFIGURE TO HAVE TWO ISP INTERNET ACCESS?

ericohermoso · ‎07-23-2010

Hello,

Is it possible for 1 firewall to configure 2 internet access, say first isp will use int e0/0 - outside, e0/1 - inside and 2nd ISP will use e0/2 - outside2 and e 0/3 -inside2 ?

thank you,

Edwin

August Ritchie · ‎07-23-2010

**EDIT**

In your case you may want to try a multiple context configuration. This will provide the seperation you need!

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808d2b63.shtml

**EDIT**

The ASA doesn't support load-balancing or policy-based routing, so no you can't load-balance between two ISP unless you know the destination of the traffic you want to send across the second link. For example, you can send VPN traffic across one ISP and non-vpn traffic across another because we know the destination of the traffic, but you can't send http traffic through one link and non-http traffic through the other.

With two ISPs you can do high-availability and have ISP failover. Here is a link to that.

This guide is for ASAs below 8.2 and lower.

https://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Message was edited by: August Ritchie

August Ritchie · ‎07-23-2010

Just wanted to make sure you get the edit about multiple context, if you have any questions about that config, please feel free to ask.

ericohermoso · ‎09-29-2010

Hello,

As we are implementing two isp, one isp is main and the second is the back up. Our condition is to utilize also the second isp link, Multiple context mode is helpful but it iseems that we cannot change our setup for the firewall which is single mode. Is it possible say that the main isp link will utilize 65% of the traffic and the remaining traffic will be handled by the second isp?