Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
389
Views
0
Helpful
4
Replies

How do I setup ASA for 2 ISPs. One managed router

stevewoods3
Level 1
Level 1

‎07-01-2014 10:31 AM - edited ‎03-07-2019 07:53 PM

I need to setup like the pic. I can't change the internet IP of the TW router because it is managed and I do not have access. We don't want to redo the IP scope for the network. So I need the ASA to bridge that connection and then fail-over to the TWC cable if TW goes down. Currently there is only the TW connection and no ASA. This is a proposed solution.

Thanks for your help.

Labels:
0 Helpful
4 Replies 4

Alexey Prilutskiy
Level 1
Level 1

‎07-22-2015 08:18 AM

I think better you could change addresses behind your asa's inside interface to another private subnet. Then you will be able to use existing subnet 10.135.120.0 for transport between asa and TW router. All asa's interfaces will be L3 and ASA will work in routed mode.

0 Helpful

robpeay
Level 1
Level 1
In response to Alexey Prilutskiy

‎07-22-2015 09:08 AM

I agree with Alexey.  change the subnet behind your firewall to something else.  Use your firewall as a DHCP (if that is what you are using the tw router for as well).  then you can set two static default routes out (one weighted) to the two different ISP's.

0 Helpful

Robert Hillcoat
Level 1
Level 1

‎08-20-2015 01:29 AM

As the previous replies state, use an internal or DMZ network for your inside network. 

What your trying to achieve can be easily done with IPSLA, track the default route to the TW router and when that is no longer available the default route will automatically failover to the cable modem. Route tracking is available on the Cisco ASA. 

 

hope this helps. 

0 Helpful

agapitca19
Level 1
Level 1

‎09-22-2015 01:15 PM

I agree with Alexey and robpeay to change the subnet of your LAN which will be behind your ASA's inside interface.

 

As far as failover is concerned, I am going for ip sla tracking that Robert had suggested if it's supported on ASA because that allows your firewall to send probe to the gateway then if failure is detected, connection automatically shifts to the standby IP. Using static routes with different administrative distance can also be used but  if the problem resides on the ISP side and the physical ports on the ISP router facing your firewall remain up, sometimes a set up like this doesn't work well.

 

HTH

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card