Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

is it possible to have three ISP connections to Cisco ASA 5510

Hi all,

We have a Cisco ASA 5510 firewall in one our customer location and currently we are using two ISP as a failover case. But the customer wants to add another ISP as a back up connection. Is it possible to have three ISPs with cisco ASA 5510 firewall.

Please do reply.

Thanks,

Peerbasha

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: is it possible to have three ISP connections to Cisco ASA 55

Hi,

Yes, it is possible . Right now it would be like outside and backup interface and configuration would be something like below (just an example):

route outside 0.0.0.0 0.0.0.0 10.200.159.1 1 track 1

route backup 0.0.0.0 0.0.0.0 10.250.250.1 253

sla monitor 123
 type echo protocol ipIcmpEcho 4.2.2.2 interface outside
 num-packets 3
 frequency 10

sla monitor schedule 124 life forever start-time now

Suppose now you add new interface backup2, then you need to configure following commands:

route backup2 0.0.0.0 0.0.0.0 10.250.250.1 254

sla monitor 124
 type echo protocol ipIcmpEcho 4.2.2.2 interface backup
 num-packets 3
 frequency 10

sla monitor schedule 124 life forever start-time now

Now, if primary goes down it will move to backup and if backup goes down it will move to backup2.

Hope it will help.

- Prateek Verma

3 REPLIES
New Member

Re: is it possible to have three ISP connections to Cisco ASA 55

Hi,

Yes, it is possible . Right now it would be like outside and backup interface and configuration would be something like below (just an example):

route outside 0.0.0.0 0.0.0.0 10.200.159.1 1 track 1

route backup 0.0.0.0 0.0.0.0 10.250.250.1 253

sla monitor 123
 type echo protocol ipIcmpEcho 4.2.2.2 interface outside
 num-packets 3
 frequency 10

sla monitor schedule 124 life forever start-time now

Suppose now you add new interface backup2, then you need to configure following commands:

route backup2 0.0.0.0 0.0.0.0 10.250.250.1 254

sla monitor 124
 type echo protocol ipIcmpEcho 4.2.2.2 interface backup
 num-packets 3
 frequency 10

sla monitor schedule 124 life forever start-time now

Now, if primary goes down it will move to backup and if backup goes down it will move to backup2.

Hope it will help.

- Prateek Verma

New Member

is it possible to have three ISP connections to Cisco ASA 5510

Hi Prateek Verma,

Thanks and it is working fine with above solution.

I would like to ask one question, for Outside route we are traking the reachability with track 1, where as do we need to use the same for backup route to track the reachability with track 2 i.e as follows

    Example:

             route outside 0.0.0.0 0.0.0.0 10.200.159.1 1 track 1

             route backup 0.0.0.0 0.0.0.0 10.250.250.1 253 track 2
            
            
route backup2 0.0.0.0 0.0.0.0 10.250.250.1 254
            
             track 1 rtr 123 reachability

             track 2 rtr 124 reachability

Please clarify.

Thanks,
Peerbasha

            
New Member

is it possible to have three ISP connections to Cisco ASA 5510

Hi Peerbasha,

Yes, I forgot to mention that, my mistake .

- Prateek Verma

466
Views
0
Helpful
3
Replies