ASA5520 redundant ISP on virtual interfaces

david.buitendag · ‎10-17-2006

Is it possible to implement redundant ISP's with failover firewalls using virtual interfaces and the ISP connetions? I have a 5520 with the standard number of interfaces and want to create virtual interfaces on the outisde interface?

jwjohansen · ‎10-18-2006

When you say virtual interfaces are you talking about sub interfaces?

These can each be a different vlan and can be monitored for failover etc...

ankurjai · ‎10-18-2006

You may create a sub-interface on the outside interface and use it as a backup interface. Here is a sample config :

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/ref/examples.htm#wp1038632

Please rate if it helps.

Sincerely,

~AJ

cpembleton · ‎10-20-2006

The interface tracking in that version brakes when using a failover pair. The tracking works until failover occurs. Then a reboot of both firewalls is required to fix the tracking.

Bug: CSCsd51407

Dual ISP fails after failover, routing table have stale routes

A new release is coming soon to fix the bug. 7.2(1) is the only version out that supports tracking.

Thanks,

Chad

kenkaplan · ‎11-07-2006

looks like they fixed the bug in ver 7.2.1.24 on the 10/30/2006

bug id CSCse99033

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCse99033&Submit=Search