Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
413
Views
0
Helpful
2
Replies

ASA 5510 2 ISP Connections to Single DMZ

bioya2000
Level 1
Level 1

‎09-30-2010 10:15 AM - edited ‎03-11-2019 11:48 AM

We have recently had to add another ISP connection to our ASA 5510 to acquire more static IP addresses.  We have purchased a new server and needed a new static IP address for it and so the ISP ran another drop into us to provide these additional statics.  The thinking on my part was that I'll configure the interface and then setup the Security rules and NAT to this new server pretty much the same way that our original ISP connection was setup.  Well this is not working and I have exhausted my knowledge (which didn't take long).  So my first question is pretty basic, can you have two ISP connections into just the ASA, no router, that point to different server IP addresses in the DMZ?  If so, can someone give me a high level of the steps required to configure such a scenario?  I can provide information from my config if that helps, I just didn't want to post the entire thing if it is not possible.

Thanks!

Labels:
0 Helpful
2 Replies 2

mirober2
Cisco Employee
Cisco Employee

‎09-30-2010 01:07 PM

Hi Lee,

Unfortunately, the ASA doesn't support using 2 ISPs simultaneously. You can only configure the ASA to use one ISP as the primary and have the other as a backup.

Your best bet would be to get a simple router that can do policy-based routing and place it in front of the ASA. Then, you would route all traffic destined to the Internet directly to the router, who would then make the decision about which ISP should be used.

Hope that helps.

-Mike

0 Helpful

bioya2000
Level 1
Level 1
In response to mirober2

‎09-30-2010 02:26 PM

Thanks Mike.  From some of the related discussions I had found, I thought that was going to be the answer I got, but I wanted to ask just to make sure.

Thanks,

Lee

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card