Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ASA 5510 2 ISP Connections to Single DMZ

We have recently had to add another ISP connection to our ASA 5510 to acquire more static IP addresses.  We have purchased a new server and needed a new static IP address for it and so the ISP ran another drop into us to provide these additional statics.  The thinking on my part was that I'll configure the interface and then setup the Security rules and NAT to this new server pretty much the same way that our original ISP connection was setup.  Well this is not working and I have exhausted my knowledge (which didn't take long).  So my first question is pretty basic, can you have two ISP connections into just the ASA, no router, that point to different server IP addresses in the DMZ?  If so, can someone give me a high level of the steps required to configure such a scenario?  I can provide information from my config if that helps, I just didn't want to post the entire thing if it is not possible.


Cisco Employee

Re: ASA 5510 2 ISP Connections to Single DMZ

Hi Lee,

Unfortunately, the ASA doesn't support using 2 ISPs simultaneously. You can only configure the ASA to use one ISP as the primary and have the other as a backup.

Your best bet would be to get a simple router that can do policy-based routing and place it in front of the ASA. Then, you would route all traffic destined to the Internet directly to the router, who would then make the decision about which ISP should be used.

Hope that helps.


New Member

Re: ASA 5510 2 ISP Connections to Single DMZ

Thanks Mike.  From some of the related discussions I had found, I thought that was going to be the answer I got, but I wanted to ask just to make sure.



CreatePlease to create content