I'm thinking about firewalling off 2 WAN links from 2 ISPs with just one ASA. I'm going to setup second and third interfaces facing the WAN and treat them as if they were individual and just add routing to forward traffic as needed. I know of a setup where you can have redundancy with a fallback ISP but these 2 WAN links are going to be live at the same time. Is there anything I should be aware of, or is there a white paper that has a sample config I can look at?
That's fine. But say for example I have 2 networks outside, A, and B. I can't set a route on the firewall to direct all traffic destined for network A to go to router A and traffic to network B to go to router B (leaving a default route to go to either one of those routers)?
The ASA is not really designed to do that. Load balancing is not possible with 2 external links. You could do route tracking to failover to second ISP if primary failed.
You could also create 2 routes. Once for half the Internet and 1 for the other half. However, if you where hosting any services (web or mail) if the connection came on 1 ISP but the route on ASA sent it out the other interface the session would not established.
You could setup 1 interface as the default route on the ASA. Setup 1 or 2 routers on the edge of ISP as your gateway (2 w/ HSRP). Load balancing would be at the router level. But because you have 2 separate ISP's and 2 different subnets it becomes more of a challenge. Unless you could get them to advertise each others subnets (not likely) and use BGP to update the ISP. Other wise you would have to configure any NAT you need on the routers not the ASA.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :