Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Does the PIX firewall/ASA 5500 Series support two Internet connections for redundancy


Wed, 07/22/2009 - 19:28
Jun 17th, 2009
User Badges:
  • Gold, 750 points or more


Note: This feature is applicable for PIX 500 series / ASA 5500 Series with software version 7.2(1) or later. For previous versions, the two Internet links need to be terminated on a router in front of the Security appliance, and redundancy needs to be configured on the router because route tracking is not available in these versions.

Use this feature for redundancy or backup purposes only. Outgoing traffic uses the primary Internet service provider (ISP) and then the secondary ISP, if the primary fails.

Use the static route tracking feature on the Security Appliance in order to enable the device to use redundant or backup Internet connections. This feature enables the Security Appliance to continuously query and monitor a remote device/IP address on the Internet Control Message Protocol (ICMP) echo, which in this case is a remote default gateway for ISP. If ICMP monitoring detects that the device is down, then a backup route works instead.

Refer to ASA/PIX 7.x to Support Dual ISP Links Configuration Example for more information on how to configure.

Product Family

Firewall - PIX 500 series

ASA Hardware & Software

PIX Software Version

PIX version 7.x

ASA Software Version




This Document

Related Content