Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ASA5520 redundant ISP on virtual interfaces

Is it possible to implement redundant ISP's with failover firewalls using virtual interfaces and the ISP connetions? I have a 5520 with the standard number of interfaces and want to create virtual interfaces on the outisde interface?

4 REPLIES
Community Member

Re: ASA5520 redundant ISP on virtual interfaces

When you say virtual interfaces are you talking about sub interfaces?

These can each be a different vlan and can be monitored for failover etc...

Community Member

Re: ASA5520 redundant ISP on virtual interfaces

You may create a sub-interface on the outside interface and use it as a backup interface. Here is a sample config :

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/ref/examples.htm#wp1038632

Please rate if it helps.

Sincerely,

~AJ

Silver

Re: ASA5520 redundant ISP on virtual interfaces

The interface tracking in that version brakes when using a failover pair. The tracking works until failover occurs. Then a reboot of both firewalls is required to fix the tracking.

Bug: CSCsd51407

Dual ISP fails after failover, routing table have stale routes

A new release is coming soon to fix the bug. 7.2(1) is the only version out that supports tracking.

Thanks,

Chad

Community Member

Re: ASA5520 redundant ISP on virtual interfaces

looks like they fixed the bug in ver 7.2.1.24 on the 10/30/2006

bug id CSCse99033

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCse99033&Submit=Search

269
Views
0
Helpful
4
Replies
CreatePlease to create content