Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Configuration Assistance


We are looking to bring Comcast as our second ISP: ISP2

Our current provider provided their own Managed Internet Router.

With Comcast, we had to supply our own Internet Router.

Comcast with supply us with an a.b.c.d/30 range to connected to their WAN Router.

Also, Comcast with provide us with an w.x.y.z/28 range for Public hosts.

We currently have a connection from the ASA5520 outside interface to the ISP1 Managed Internet Router.

How do I configure the requested ISP2 internet router?

Any help is really apreciated.


Configuration Assistance


If you have ports you can connect the ASA5520 port to the ISP2, but only and I mean only if you use IGP protocol (e.g. OSPF) or static routing.

1st thing to clarify, what routing protocol do you want to run between you and ISP2?

Please reply and then we'll see how we can help!


Community Member

Configuration Assistance

Thanks for your response, but I am still confused about your answer.

Currently ISP1 Managed Router is connected to FW.

Now the difference with ISP2 is that, we have to provide our own Interent Router, then  connect to FW.

No running protocols in the FW.

So, the questions is, how do I configure the requested ISP2 internet router? ISP2 provide us with a /30 range for a Point t Point connection to their WAN router, then we have to request another range for our Public IP addresses.

Configuration Assistance

If you have no dynamic routing, then you acquire a router with at leat 2 Ethernet interfaces.

One interface will be connected to the WAN router (your provider router) and will use one IP from the /30 provided. This has to be discussed with the provider what they will use and what you will use not to overlap.

The second interface will be connected to your ASA. For L3 connection, depending on your actual configuration, you may take one /30 from the /28 provided to you and establish the connection between ASA and your router.

Another solution is not to split the /28 and just used it like this with 1 IP on the router, 1 IP on the ASA and the rest of the IP addresses from the /28 to NAT your private range.




Configuration Assistance

What are you trying to accomplish?  Do you want failover, do you want to use both links at the same time?  Do you want some load sharing.  Each scenerio brings a different way to set this up?

You can do this with static routes and send half the organization out one connection via PBR or use HSRP for failover, or create 2 groups for another way.

The requirement is needed before a suggestion can be given.  Also knowing what you have in the environment will help, is everything static now, eigrp, ospf, rip, etc...

CreatePlease to create content