Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 5510 - dual ISPs

Dear All

i have ASA 5510 with Security Plus License (5 FE ports).

i want to terminate my two ISPs (one with Static public IP address and other with dynamic IP) in ASA 5510 and want to give IPSec VPN Connectivity for my remote users.

Is it possible to connect two different ISPs in a single box and route IPSec VPN user traffic thro a specific Link (Static Public IP Link) and rest of internet traffic through a different link.

Regards

Arjun

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: ASA 5510 - dual ISPs

Hi Arjun

I believe it is not possible.

Normally you could create different contexts with different default gateways. If you add Policybased Routing on a Router behind the Firewall you could forward different traffic to the different Contextes, and thereby use two ISP's and select what kind of traffic should be sendt using which ISP. In this way you could separate the ISP-Traffic for example for HTTP, SMTP, FTP and so on.

But as soon as you create contexts IPSEC VPN is no longer supported.

So sorry

Regards

Jarle

4 REPLIES

Re: ASA 5510 - dual ISPs

In dual ISP mode, I believe that only one connection is "active" meaning that the firewall is routing out to that connection. I think you'll have to have two ASA's per your requirements above.

New Member

Re: ASA 5510 - dual ISPs

Hi Arjun

I believe it is not possible.

Normally you could create different contexts with different default gateways. If you add Policybased Routing on a Router behind the Firewall you could forward different traffic to the different Contextes, and thereby use two ISP's and select what kind of traffic should be sendt using which ISP. In this way you could separate the ISP-Traffic for example for HTTP, SMTP, FTP and so on.

But as soon as you create contexts IPSEC VPN is no longer supported.

So sorry

Regards

Jarle

New Member

Re: ASA 5510 - dual ISPs

i want to try do the dual isp in active active, using route maps. Has anyone done this?

i was able to do dual isp but in active failover mode. only if primary connection was down it would redirect traffic to the other line.

New Member

Re: ASA 5510 - dual ISPs

Hi,

The easist way is to put a router in front of the ASA,and let the router make the load balance. If you use multiple context in ASA, you cannot use VPN, also you will create extra subnet.

regards

189
Views
0
Helpful
4
Replies