Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ASA 5540 with 2 ISP's

Can I connect 2 different ISP's to my ASA by creating 2 different "outside" interfaces?

If possible I would like to dedicate my existing T1 for email and use my new connection for browsing.

Also I have my existing T1 connected to a Cisco 2500 and regarding the new connection, they promise a RJ45 connection directly to the ASA for their Internet connection in our building.

Does anyone know if this is possible?

Thank you.

-Dominick

3 REPLIES

Re: ASA 5540 with 2 ISP's

Hi Dominic,

To achieve this, the ASA Outside (e0) interface need to be connected to a switch with dot1Q encap.

Create 2 sub-interfaces (need IPs from each T1's ISP) under Outside interface to host connection from 2 different links.

Next, you need a switch (put before ASA) to host 2 VLANs that will be used to connect those T1 links. Example - Vlan 10 & Vlan 20. Set the switchport connected to ASA Outside interface as trunk with dot1Q encap, and allow those 2 vlans to pass through.

For the existing T1, connect the RJ45 to the switch, and make sure the switch port belongs to one of those VLANs, example VLAN10.

For your new T1 link, connect the RJ45 to the switchport belongs to VLAN20.

Guide to create sub-interfaces:

http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_guide_chapter09186a008054d463.html#wp1044006

Rgds,

AK

Community Member

Re: ASA 5540 with 2 ISP's

Hi AK,

Is there really a need to create sub-interfaces on the ASA? How about connecting the ASA to a L3 switch as the next hop and to let the switch take care of routing the traffic according to a configured policy-based routing?

Regards,

Haitham

Re: ASA 5540 with 2 ISP's

Hi Haitham,

Yes, I think you could use PBR. I have not use/try this method before (in this specific scenario), but it will be interesting to test/simulate it in the lab.

As you know, PBR allows you to:

- Classify traffic based on extended access list criteria. Access lists, then establish the match criteria.

- Route packets to specific traffic-engineered paths.

Policies can be based on IP address, port numbers, or protocols.

PBR config guide for L3 Switch:

http://www.cisco.com/en/US/partner/products/hw/switches/ps4324/products_configuration_guide_chapter09186a00801cddc5.html

PBR config guide for router:

http://www.cisco.com/en/US/partner/products/ps6350/products_configuration_guide_chapter09186a00800c75d2.html

PBR Scenario Example:

http://www.cisco.com/en/US/customer/tech/tk365/technologies_tech_note09186a008009481d.shtml

But the presense of Firewall will enforce better security, compared to logical VLAN separation between ISPs in a L3 device.

Pls give it a try, and hopefully it works. Good luck!

Rgds,

AK

199
Views
4
Helpful
3
Replies
CreatePlease to create content