Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

implement a secondary ISP to ASA 5510

We are in the process of implementing secondary ISP to our ASA firewall and I wondered if anyone else has configured something like this ??

We would like to run both ISPs in parallel so we can test until we finally cutover

Any help would be greatly appreciated

Thanks

Mark

2 REPLIES
VIP Purple

implement a secondary ISP to ASA 5510

The ASA only supports the concept of primary and backup ISP. You cant use both at the same time if you need a default-route for both of them. And if you want to test the new functionality on the new link you probably need that.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

implement a secondary ISP to ASA 5510

Hello,

You could implement the SLA monitoring, so you can have a redundant path in case you lost connectivity to the outside world via the primary ISP.

This will not allow Load-balancing.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

As you might now there is no possibility to do PBR on the ASA, but just as a workaround you could send all HTTP and HTTPS traffic over a link based on nat rules... Or send all the VPN traffic over a link and then the rest of the traffic over the other one

Those are the two options you have

Remember to rate all the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
405
Views
0
Helpful
2
Replies
CreatePlease to create content