Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
335
Views
0
Helpful
3
Replies

Two outside interface

Go to solution
Mero Cisco
Level 1
Level 1

‎12-15-2013 06:22 AM - edited ‎03-11-2019 08:18 PM

Hi,

I have got the cisco ASA 5520 with the following ip address:

Example purpose only:

=======================

Outside5: 8.8.8.0/24 (connected to ISP1)

interface5: 10.10.0.0/16 (Connected to LAN)

static (interface5,outside5) 8.8.8.8 10.10.10.10 netmask 255.255.255.255

I have got the above scenario and working well on the live environment.

Now I am planning to add another ISP as follows:

Outside10: 7.7.7.0/24 (Connected to ISP2)

Upto this their will be no any trouble.

But will the following statement works ? If it does work how will it route ?

static (interface5,outside10) 7.7.7.7 10.10.10.10 netmask 255.255.255.255

Regards,

Mero

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to Mero Cisco

‎12-15-2013 09:27 AM

Hi,

To my understanding the inbound connections will work from both ISPs to this hosts and connections from each ISP will have their return traffic forwarded according to the existing XLATE on the firewall.

However when the actual server forms a connection outbound it will only use the ISP which holds the current active default route.

- Jouni

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎12-15-2013 06:27 AM

Hi,

It will probably work for the incoming/inbound connections towards the IP address 7.7.7.7. Connection will come through the ISP2 and return traffic will flow through ISP2 also.

I think however that the host 10.10.10.10 will only form outbound connections through ISP1 if its holding the default route.

- Jouni

0 Helpful

Go to solution
Mero Cisco
Level 1
Level 1
In response to Jouni Forss

‎12-15-2013 09:17 AM

Hi,

Will the inbound traffic come from isp1 also.

Actually 10.10.10.10 is the public web server and I want to maintain isp fail over. Will this concept work ? Both public ip will be registered as dns.

Regards

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to Mero Cisco

‎12-15-2013 09:27 AM

Hi,

To my understanding the inbound connections will work from both ISPs to this hosts and connections from each ISP will have their return traffic forwarded according to the existing XLATE on the firewall.

However when the actual server forms a connection outbound it will only use the ISP which holds the current active default route.

- Jouni

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card