ASA 5520 DUAL ISP

rafael.2007 · ‎07-24-2008

Hello Guys,

I have an ASA 5520 and wanna know, but couldn't find any information, if I can use the ASA with 2 ISP connections. One ISP will be my DMZ and VPN connections and the other one is for my normal internet traffic.

I can also think in configuring the links as backup for each other.

Any ideas?

dhananjoy chowdhury · ‎07-24-2008

Hi,

Here is an example.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Marcin Zgola · ‎07-25-2008

You can't do it.

You can have two ISP but one of them will be sitting there just for the backup purposes. The problem is that ASA can;t have 2 ISP but only can handle one default route. So lets say in your example. You want setup DMZ for incoming VPN connection. But you do not know what ip addresses these VPN connections will be comming from (SSL VPN, Cisco VPN Client,). Also, you want all internet traffic to use outside interface. In order to accomplish that you need two default static routes and you can;t do that.

One time i did that for the client, but DMZ interface was used for Point to Point VPN tunnels , so my static default route was pointing to ISP on outside interface, and static routes for my vpn peers where pointing to DMZ interface. Also i had to add routes for private ranges (across vpn link) to 2 ISP as well. This works just fine.

hopefully this helps you undersdand asa with dual ISP

CCIE 18676