We have recently had to add another ISP connection to our ASA 5510 to acquire more static IP addresses. We have purchased a new server and needed a new static IP address for it and so the ISP ran another drop into us to provide these additional statics. The thinking on my part was that I'll configure the interface and then setup the Security rules and NAT to this new server pretty much the same way that our original ISP connection was setup. Well this is not working and I have exhausted my knowledge (which didn't take long). So my first question is pretty basic, can you have two ISP connections into just the ASA, no router, that point to different server IP addresses in the DMZ? If so, can someone give me a high level of the steps required to configure such a scenario? I can provide information from my config if that helps, I just didn't want to post the entire thing if it is not possible.
Unfortunately, the ASA doesn't support using 2 ISPs simultaneously. You can only configure the ASA to use one ISP as the primary and have the other as a backup.
Your best bet would be to get a simple router that can do policy-based routing and place it in front of the ASA. Then, you would route all traffic destined to the Internet directly to the router, who would then make the decision about which ISP should be used.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :