ASA 5510 2 ISP Connections to Single DMZ

Unanswered Question
Sep 30th, 2010

We have recently had to add another ISP connection to our ASA 5510 to acquire more static IP addresses. We have purchased a new server and needed a new static IP address for it, and so the ISP ran another drop into us to provide these additional statics. The thinking on my part was that I'll configure the interface and then set up the security rules and NAT to this new server pretty much the same way that our original ISP connection was set up. Well, this is not working and I have exhausted my knowledge (which didn't take long). So my first question is pretty basic: can you have two ISP connections into just the ASA, no router, that point to different server IP addresses in the DMZ? If so, can someone give me a high level of the steps required to configure such a scenario? I can provide information from my config if that helps; I just didn't want to post the entire thing if it is not possible.


mirober2 Thu, 09/30/2010 - 13:07

Hi Lee,

Unfortunately, the ASA doesn't support using 2 ISPs simultaneously. You can only configure the ASA to use one ISP as the primary and have the other as a backup.

Your best bet would be to get a simple router that can do policy-based routing and place it in front of the ASA. Then, you would route all traffic destined to the Internet directly to the router, which would then make the decision about which ISP should be used.

Hope that helps.
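
The primary/backup arrangement described in the reply above, sketched as an added example that is not part of the original thread or anyone's posted config: a tracked default route on the first ISP with a floating default route on the second. The interface names, the 203.0.113.0/29 and 198.51.100.0/29 documentation addresses, the physical ports and the SLA/track ID 1 are all assumptions.

```text
! Constructed example: assumed interface names and documentation addresses.
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
interface Ethernet0/3
 nameif backup
 security-level 0
 ip address 198.51.100.2 255.255.255.248
!
! Probe the primary ISP's gateway out the primary interface.
sla monitor 1
 type echo protocol ipIcmpEcho 203.0.113.1 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 1 life forever start-time now
!
! Tie a tracking object to the probe's reachability result.
track 1 rtr 1 reachability
!
! The primary default route is installed only while track 1 is up.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1 track 1
!
! Floating default route: metric 254 keeps it out of the routing
! table until the tracked route above is withdrawn.
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254
```

`show track` and `show route` confirm which default route is currently installed. The second interface is a full Internet edge, so it needs its own NAT and access-list entries, reviewed as strictly as those on the first.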


bioya2000 Thu, 09/30/2010 - 14:26

Thanks Mike. From some of the related discussions I had found, I thought that was going to be the answer I got, but I wanted to ask just to make sure.



