Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Dual ISP HA firewall


Anyone got any idea on how to acheive

dual ISP, dual firewall (HA).

I need design a network the uses 2 ASA 5520, and load balance between 2 different ISP.

I have seen the sample configuration for two ISP but active and standby.

I need both the firewall and ISP to loadbalanced. Wonder anyone has push this to the limited ?


Re: Dual ISP HA firewall

BGP is the only way I can think of. A single IP range advertised both by ISPs.

Re: Dual ISP HA firewall

I hope it helps .. please rate it if it does !!!

New Member

Re: Dual ISP HA firewall

well that can be done only for outbound loadbalancing...i.e. traffic going out of the network.....

New Member

Re: Dual ISP HA firewall

I do not believe you can achieve load balancing between 2 ISP's because of how BGP works. You can achieve redundancy in the event your primary ISP connection goes down via BGP and HSRP. The following links should help you with that information.


New Member

Re: Dual ISP HA firewall

wat u will have to do is....

lets say we have two vlans (10,20) and two ISPs (1 and 2)

We can use the two firewalls either in active/satndby mode or

We will nat all user on vlan 10 to isp 1 public IP

And Vlan 20 users to isp2 public IP...

both the isps will be connectd to a single router...

this router will have policy based routing (pbr) defining that traffic from any IP ISP1 will be sent to isp1 and isp2 to isp2..

this would provide us witg basic kind of loadbalancing..

hope that helps...

CreatePlease login to create content