Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)

Two Active Internet Links?

Hi Guys,

I know this can be done on other firewalls which support source based routing, but I was wondering if its possible on an ASA to have two active ISP connections? So for example if I wanted to force Network A's Internet traffic(which could be any public IP) to go out one ISP and force Network B's Internet traffic to go out another?

Could contexts be used to do this maybe?

cheers.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: Two Active Internet Links?

marcosgeorgopoulos wrote:

Hi Guys,

I know this can be done on other firewalls which support source based routing, but I was wondering if its possible on an ASA to have two active ISP connections? So for example if I wanted to force Network A's Internet traffic(which could be any public IP) to go out one ISP and force Network B's Internet traffic to go out another?

Could contexts be used to do this maybe?

cheers.

Marcos

Contexts would pretty much be the only way to achieve what you want assuming you have spare interfaces on the ASA for the context ie. do you have an inside interface for network A, one for network B and 2 interfaces for the outside connected to each ISP ? You could always use subinterfaces if you don't have spare physical interfaces.

Then with each context has it's own default-route ie. the relevant ISP.

Jon

2 REPLIES
Hall of Fame Super Blue

Re: Two Active Internet Links?

marcosgeorgopoulos wrote:

Hi Guys,

I know this can be done on other firewalls which support source based routing, but I was wondering if its possible on an ASA to have two active ISP connections? So for example if I wanted to force Network A's Internet traffic(which could be any public IP) to go out one ISP and force Network B's Internet traffic to go out another?

Could contexts be used to do this maybe?

cheers.

Marcos

Contexts would pretty much be the only way to achieve what you want assuming you have spare interfaces on the ASA for the context ie. do you have an inside interface for network A, one for network B and 2 interfaces for the outside connected to each ISP ? You could always use subinterfaces if you don't have spare physical interfaces.

Then with each context has it's own default-route ie. the relevant ISP.

Jon

Re: Two Active Internet Links?

Thanks John,

Yeah I had a hunch that would be the only way to go... Unfortunately the use of contexts would eliminate my ability to use the ASA VPN functionality.

ok, back to the drawing board.

Thanks again.

207
Views
0
Helpful
2
Replies
CreatePlease to create content