1) Since I have two public (static) IPs from the DSL & Cable connections, should I have two router interfaces connected to two interfaces on the ASA, or can I just have one interface connecting the router and ASA, binding both public IPs onto one ASA interface?
2) Do you see any pitfalls in doing it this way (router in bridge mode) vs just doing a double NAT (NAT traffic at the router, and then again at the ASA)
You should be able to bind two IP addresses to one interface on the ASA.
Like say you had two servers on the core switch and you wanted to use two different external IP addresses. You can do something like below where 188.8.131.52 belongs to one ISP and 184.108.40.206 belongs to another ISP
static (inside,outside) 220.127.116.11 192.168.1.5
static (inside,outside) 18.104.22.168 192.168.1.6
You just need to make sure that you have a route back from the router for the networks pointing to the ASA.
As for pitfalls, double nat may make things confusing but is viable.
Hopefully this makes sense/helps, please tell me if I am not understanding your question.
As a follow-up question, since the router is bridging the connection, I will need to configure the ASA interface with ppp, etc, for the public IPs--But can I do that with the Interface having two public IPs bound to it?
Both ISPs require PPPoE to get access to your public IP addresses?
The way I was describing before you would have one public IP address allocated to the physical interface, and then basically the ASA would proxy for the secondary IP address and foward it back to whatever device needed it.
So here was my scenario
router|22.214.171.124 ---- 126.96.36.199| ASA
Then the ASA would have a static for the other ip address so you could host different items like another webserver.
So on the router you would put something like
ip route 188.8.131.52 255.255.255.255 184.108.40.206
And on the ASA you would have
static (inside,outside) 220.127.116.11 192.168.5.5
But if both ISPs require that you do PPPoE to get the IP address, then we will need to think of another way as the ASA will only allow you to get one address from PPPoE.
Is there no way the other ISP could just route the IP back to you without having to do PPPoE?
Ahh since I know that you are using this second link for a VPN, I would say running the two connections directly to the ASA should be fine.
The problem usually with this scenario is that the ASA won't load balance between two ISPs, but since we know the destination for the VPN traffic, we can setup static routes to send it across a secondary internet connection.
So in short, I believe just connecting both ISPs as you have described, directly to the ASA, should be the easiest way. Here is my usual configuration for splitting off the VPN traffic.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...