09-30-2010 10:15 AM - edited 03-11-2019 11:48 AM
We have recently had to add another ISP connection to our ASA 5510 to acquire more static IP addresses. We have purchased a new server and needed a new static IP address for it and so the ISP ran another drop into us to provide these additional statics. The thinking on my part was that I'll configure the interface and then setup the Security rules and NAT to this new server pretty much the same way that our original ISP connection was setup. Well this is not working and I have exhausted my knowledge (which didn't take long). So my first question is pretty basic, can you have two ISP connections into just the ASA, no router, that point to different server IP addresses in the DMZ? If so, can someone give me a high level of the steps required to configure such a scenario? I can provide information from my config if that helps, I just didn't want to post the entire thing if it is not possible.
Thanks!
09-30-2010 01:07 PM
Hi Lee,
Unfortunately, the ASA doesn't support using 2 ISPs simultaneously. You can only configure the ASA to use one ISP as the primary and have the other as a backup.
Your best bet would be to get a simple router that can do policy-based routing and place it in front of the ASA. Then, you would route all traffic destined to the Internet directly to the router, who would then make the decision about which ISP should be used.
Hope that helps.
-Mike
09-30-2010 02:26 PM
Thanks Mike. From some of the related discussions I had found, I thought that was going to be the answer I got, but I wanted to ask just to make sure.
Thanks,
Lee
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide