Configuration Assistance

Unanswered Question
Jan 30th, 2012
User Badges:


We are looking to bring Comcast as our second ISP: ISP2

Our current provider provided their own Managed Internet Router.

With Comcast, we had to supply our own Internet Router.

Comcast with supply us with an a.b.c.d/30 range to connected to their WAN Router.

Also, Comcast with provide us with an w.x.y.z/28 range for Public hosts.

We currently have a connection from the ASA5520 outside interface to the ISP1 Managed Internet Router.

How do I configure the requested ISP2 internet router?

Any help is really apreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Calin Chiorean Mon, 01/30/2012 - 13:50
User Badges:
  • Silver, 250 points or more


If you have ports you can connect the ASA5520 port to the ISP2, but only and I mean only if you use IGP protocol (e.g. OSPF) or static routing.

1st thing to clarify, what routing protocol do you want to run between you and ISP2?

Please reply and then we'll see how we can help!


aosandoval Tue, 01/31/2012 - 05:56
User Badges:

Thanks for your response, but I am still confused about your answer.

Currently ISP1 Managed Router is connected to FW.

Now the difference with ISP2 is that, we have to provide our own Interent Router, then  connect to FW.

No running protocols in the FW.

So, the questions is, how do I configure the requested ISP2 internet router? ISP2 provide us with a /30 range for a Point t Point connection to their WAN router, then we have to request another range for our Public IP addresses.

Calin Chiorean Tue, 01/31/2012 - 06:02
User Badges:
  • Silver, 250 points or more

If you have no dynamic routing, then you acquire a router with at leat 2 Ethernet interfaces.

One interface will be connected to the WAN router (your provider router) and will use one IP from the /30 provided. This has to be discussed with the provider what they will use and what you will use not to overlap.

The second interface will be connected to your ASA. For L3 connection, depending on your actual configuration, you may take one /30 from the /28 provided to you and establish the connection between ASA and your router.

Another solution is not to split the /28 and just used it like this with 1 IP on the router, 1 IP on the ASA and the rest of the IP addresses from the /28 to NAT your private range.



Rick Morris Tue, 01/31/2012 - 11:11
User Badges:
  • Silver, 250 points or more

What are you trying to accomplish?  Do you want failover, do you want to use both links at the same time?  Do you want some load sharing.  Each scenerio brings a different way to set this up?

You can do this with static routes and send half the organization out one connection via PBR or use HSRP for failover, or create 2 groups for another way.

The requirement is needed before a suggestion can be given.  Also knowing what you have in the environment will help, is everything static now, eigrp, ospf, rip, etc...


This Discussion