Cisco Support Community

New Member

Multiple ASAs and Multiple gateways

We have a main office and remote office on different ISPs - both behind ASA-5510s. Main office is a subnet, remote office is Offices were connected through a point to point VPN on the ASAs. We now have a direct layer 2 connection between the locations so we can connect without the VPN (connection will be behind the ASAs directly from switch to switch). My question is if both offices are on the same internal subnet ( and the ASAs have different ISPs (and public addresses) will it work to set the main office systems to ASA #1 (and ISP #1) as the gateway for all internet traffic and the remote office systems to ASA #2 (and ISP #2) for their internet traffic? What I want is all WAN traffic for the main office coming and going through ASA and ISP #1 and all WAN traffic to and from the remote office coming and going through ASA and ISP #2, but all LAN traffic on the same subnet. Thanks!

Cisco Employee

Re: Multiple ASAs and Multiple gateways


If I understand your question correctly, what you describe will only work if both ASAs have an interface in the subnet. You won't be able to add a default gateway to your host unless it's in the same subnet. In addition, the ASA doesn't support any type of policy-based routing.

That being said, could you leave the subnets as they currently are ( and If so, I've done something very similar to this in the past. It looked like this:

Switch #1-----L2 connection------Switch #2
    |                                 |
ASA #1-----------Internet---------ASA #2
    |                                 |
Clients []                       Clients []

In this setup, the clients had a default gateway of the ASA at their respective site. This accomplished what it sounds like you want to do. If a client at site #1 wanted to send traffic to a client at site #2, it would travel to ASA #1, then ASA #2 via the L2 connection, and on to the destination host. Any other traffic used the ASA's default gateway of its ISP and went out through the site's Internet connection.

Hope that helps.
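Added example (not part of the thread, and not Cisco's code): a small Python model of the two points the reply makes, using only the standard ipaddress module. It checks that a host can only use a default gateway inside its own subnet, and it walks a packet through two destination-only routing tables (no policy-based routing) to show why keeping the two sites on separate subnets, each defaulting to its own ASA, sends LAN-to-LAN traffic ASA #1 -> ASA #2 and everything else out the local ISP. All addresses are constructed placeholders; the thread's real subnets were elided from the page.

```python
"""Model of the two-site, two-ASA design from the reply (constructed example)."""
import ipaddress
from typing import Dict, List, Optional, Tuple

IPNet = ipaddress.IPv4Network
IPAddr = ipaddress.IPv4Address

# Constructed placeholder addressing; assumption, not taken from the thread.
SITE1_LAN = IPNet("10.1.0.0/24")      # site 1 clients, gateway = ASA #1 inside
SITE2_LAN = IPNet("10.2.0.0/24")      # site 2 clients, gateway = ASA #2 inside
ASA1_INSIDE = IPAddr("10.1.0.1")
ASA2_INSIDE = IPAddr("10.2.0.1")
DEFAULT = IPNet("0.0.0.0/0")


def gateway_is_usable(host: str, prefixlen: int, gateway: str) -> bool:
    """A host only accepts a default gateway that lies in its own subnet,
    which is why one flat subnet with two ASAs needs both ASAs in that subnet."""
    net = ipaddress.ip_interface(f"{host}/{prefixlen}").network
    return IPAddr(gateway) in net


# Each ASA's table is keyed on destination prefix only (no policy routing).
Route = Tuple[IPNet, str]
ASA_ROUTES: Dict[str, List[Route]] = {
    "ASA1": [
        (SITE1_LAN, "connected"),
        (SITE2_LAN, "ASA2"),      # static route: site 2 reached via ASA #2 over the L2 link
        (DEFAULT, "ISP1"),        # everything else out ISP #1
    ],
    "ASA2": [
        (SITE2_LAN, "connected"),
        (SITE1_LAN, "ASA1"),
        (DEFAULT, "ISP2"),
    ],
}


def lookup(router: str, dst: str) -> str:
    """Longest-prefix match over one ASA's table, like a real forwarding lookup."""
    addr = IPAddr(dst)
    best: Optional[Route] = None
    for net, next_hop in ASA_ROUTES[router]:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    assert best is not None, "default route guarantees a match"
    return best[1]


def trace(src_site: int, dst: str) -> List[str]:
    """Hops a packet takes from a client at src_site to dst under this design."""
    hop = "ASA1" if src_site == 1 else "ASA2"   # client's default gateway
    path = [f"client@site{src_site}", hop]
    while True:
        next_hop = lookup(hop, dst)
        if next_hop == "connected":
            path.append("destination host")
            return path
        path.append(next_hop)
        if next_hop.startswith("ISP"):
            return path           # left the LAN via the local Internet connection
        hop = next_hop            # handed to the other ASA across the L2 connection


if __name__ == "__main__":
    print(gateway_is_usable("10.1.0.20", 24, str(ASA1_INSIDE)))
    print(gateway_is_usable("10.1.0.20", 24, str(ASA2_INSIDE)))
    print(trace(1, "10.2.0.50"))
    print(trace(1, "192.0.2.10"))
    print(trace(2, "192.0.2.10"))
```

The `trace` function makes the reply's claim visible: the only thing that steers a packet is its destination, so splitting Internet traffic by source site works because the sites are on different subnets, not because of any per-source policy on the ASA.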