Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA5505 02 ISP

Hi,

I have to sugest a solution to my customer which can support 02 different ISPs simultaneously in active mode on ASA5505-SEC-BUN-K9. Is this solution possible.

Thanks & Regards

5 REPLIES
New Member

Re: ASA5505 02 ISP

Yes although load balancing isn't supported multiple default routes are through object tracking.

New Member

Re: ASA5505 02 ISP

Hi Thanks for your comment, it would be nice if you can explain more or give an example.

Thanks & Regards

New Member

Re: ASA5505 02 ISP

Pls explain with an example, it would be really nice.

Thanks & Regards

New Member

Re: ASA5505 02 ISP

Pls explain with an example, it would be really nice.

Thanks & Regards

New Member

Re: ASA5505 02 ISP

Hello

First of all you can't have two ISP active at the same time in an ASA5505. This is because the ASA can only handle one default route.

The workaround would ony work whenever you know the destination you are looking for:

Lets assume this:

outside: 5.5.5.5 /27

inside: 10.10.10.0 /24

backup: 6.6.6.6/27

Interface backup is the secondary ISP

As default route you got:

route outside 0 0 5.5.5.6

for nat:

nat (inside) 1 0 0

global (outside) 1 interface

All unknown traffic from inside would use the default route and would be leaving through 5.5.5.6

The only way to force traffic out through the backup interface would be to know which destination you are looking for and force it through the secondary ISP

for example, adding a route like this:

route backup 200.0.0.0 255.0.0.0 6.6.6.7

All traffic meant to network 200.0.0.0/8 would leave through backup interface, using secodnary ISP. This is the only way to force traffic through a secondary ISP, and it will not create load balancing.

About previous reply of using object tracking that would be for using a Backup ISP. This means as soon as your primary ISP goes down, the secondary would take over:

https://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Cheers

128
Views
0
Helpful
5
Replies
CreatePlease login to create content