Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

two ISP's, two ASA's.. right?

I have two ISP's.. right now we are maintaining 2 firewall's (one is primarly for mail, the other is everything else). I wanted to replace them with 2 ASA's in multiple context's with failover. But in my reading, it says that sharing an inside interface between two contexts means you have to NAT the destiantion address...

Can this be done? Have them as a fail-over pair? Have ASA1 with 2 contexts, one get's g0/0.1 on the outside and shares g0/1.1 on the inside with ASA2.. then ASA2 get's g0/0.2 from the other ISP... and shares g0/1.1 on the inside. (Sorry, my ASA interface terminology isn't up to date.. old pix guy trying to get up to speed with the ASA ;-)

If it doesn't make sense, I can attach a drawing.

TIA,

bk

1 REPLY
Silver

Re: two ISP's, two ASA's.. right?

Yes it can be done.

The need for doign natting is to safeguard your network from the ISP traffic.

The ISP traffic may make your network busy because of large internet tables.

105
Views
0
Helpful
1
Replies
CreatePlease to create content