Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
288
Views
0
Helpful
1
Replies

two ISP's, two ASA's.. right?

bkastor
Level 1
Level 1

‎05-08-2006 11:02 AM - edited ‎02-21-2020 12:53 AM

I have two ISP's.. right now we are maintaining 2 firewall's (one is primarly for mail, the other is everything else). I wanted to replace them with 2 ASA's in multiple context's with failover. But in my reading, it says that sharing an inside interface between two contexts means you have to NAT the destiantion address...

Can this be done? Have them as a fail-over pair? Have ASA1 with 2 contexts, one get's g0/0.1 on the outside and shares g0/1.1 on the inside with ASA2.. then ASA2 get's g0/0.2 from the other ISP... and shares g0/1.1 on the inside. (Sorry, my ASA interface terminology isn't up to date.. old pix guy trying to get up to speed with the ASA ;-)

If it doesn't make sense, I can attach a drawing.

TIA,

bk

0 Helpful
1 Reply 1

aghaznavi
Level 5
Level 5

‎05-15-2006 06:03 AM

Yes it can be done.

The need for doign natting is to safeguard your network from the ISP traffic.

The ISP traffic may make your network busy because of large internet tables.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card