Cisco Support Community
Community Member

Multiple WAN connections, one firewall?

I am not sure if this is possible, and if it is, I am then not sure how this would be accomplished:

We will have 3 separate WAN connections provided by 3 separate ISPs coming into our office. How may I set it up so that all three are firewalled using one ASA 5510? I was told in passing that I could "just run them all through an edge router" then run that into the firewall, but upon further research, most routers are set to accept 1 WAN feed. Is it possible to put a standard router outside of the firewall to combine the connections? If so, what are the perils involved?

We currently have 2 WAN connections with a small Watchguard appliance on each.  It would be nice to have one firewall appliance (the ASA 5510) and one edge router appliance (re-commission one of the Watchguards or another small router) to handle the whole situation. 

Obviously I am not a network administrator, but rather the "computer guy"; naturally, I am expected to wave my standard-issue magic "computer guy" wand and make it happen... that or press the "Any" key. So please forgive my lack of knowledge on the subject.


Cisco Employee

Re: Multiple WAN connections, one firewall?

What is the reason for 3 ISPs?

Redundancy or

Load balancing?

Either way the ASA does not support this and you can read this thread there:

You can use a router like you are thinking and do route tracking for redundancy or PBR for load balancing.


Re: Multiple WAN connections, one firewall?


It will be best if you terminate your ISP links on a router and do policy-based routing based on the incoming traffic from the LAN. I would suggest you set it up in the manner below:

                         ISP1 -----
                                    Router---ASA--Local LAN
                         ISP2 -----

In this fashion you can configure load balancing of the ISPs, and you can track the failure of an ISP using the IP SLA configuration in Cisco routers. With the above setup, only trusted traffic will be allowed into the local LAN, as it will be filtered by the ASA.

Check out the below link on PBR to implement in routers

Hope that clears up your query!!
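
A sketch of the router side of the setup described above (two ISP links terminated on an IOS router, PBR by LAN source subnet, IP SLA tracking for failover), added as an example and not taken from the thread or from Cisco documentation. All interface names, addresses and route-map names are assumptions; it also assumes the WAN interfaces already have their addresses and that the ASA passes LAN addresses untranslated so the router can match on them and do the NAT per ISP.

```cisco
! Constructed example: all addresses and interface names are assumptions
! Gi0/0 = ISP1 (gw 198.51.100.1), Gi0/1 = ISP2 (gw 203.0.113.1), Gi0/2 = ASA
ip sla 1
 icmp-echo 198.51.100.1 source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/1
 frequency 10
ip sla schedule 2 life forever start-time now
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Default routes are withdrawn when their track object goes down
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 1
ip route 0.0.0.0 0.0.0.0 203.0.113.1 10 track 2
! LAN subnets live behind the ASA (outside interface 10.255.0.2)
ip route 10.10.0.0 255.255.0.0 10.255.0.2
!
access-list 100 permit ip 10.10.0.0 0.0.255.255 any
access-list 101 permit ip 10.10.1.0 0.0.0.255 any
access-list 102 permit ip 10.10.2.0 0.0.0.255 any
!
! PBR: split LAN subnets across ISPs; if the tracked next hop is down,
! the packet falls through to the routing table and uses the surviving ISP
route-map LAN-PBR permit 10
 match ip address 101
 set ip next-hop verify-availability 198.51.100.1 10 track 1
route-map LAN-PBR permit 20
 match ip address 102
 set ip next-hop verify-availability 203.0.113.1 10 track 2
!
! NAT to whichever WAN interface the packet actually leaves through
route-map NAT-ISP1 permit 10
 match ip address 100
 match interface GigabitEthernet0/0
route-map NAT-ISP2 permit 10
 match ip address 100
 match interface GigabitEthernet0/1
ip nat inside source route-map NAT-ISP1 interface GigabitEthernet0/0 overload
ip nat inside source route-map NAT-ISP2 interface GigabitEthernet0/1 overload
!
interface GigabitEthernet0/0
 ip nat outside
interface GigabitEthernet0/1
 ip nat outside
interface GigabitEthernet0/2
 ip address 10.255.0.1 255.255.255.252
 ip nat inside
 ip policy route-map LAN-PBR
```

`show track`, `show ip sla statistics` and `show route-map` confirm the probe state and PBR hit counts. Probing only the ISP gateway detects a dead link but not an upstream outage.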


