cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3464
Views
0
Helpful
6
Replies

Dual ISP on ASA 5505

thanhgiang
Level 1
Level 1

Hi,

At the moment I'm running a T1 to a Cisco ASA 5505 device.  I'm in the process of getting a backup ISP.  My question is, is it possible to configure this firewall with two ISPs so that the same  internal webserver can be accessed via backup ISP?

Thanh

6 Replies 6

ajay chauhan
Level 7
Level 7

Back up internet you can always configure but can not use backup link until primary fails.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Thanks

Ajay

Still this does really answer my question.  Will I be able to access my website from the backup isp?

Thanks

Thanh

The issue you will have is with the DNS needing to be changed to the the backup providers ip when the primary goes down.

Here are some ideas to make this happen,

Option 1. Work with both providers to support routing BGP to you

Option 2. Each ISP will give you a different range of ip addresses,  Setup static mappings / forward ports from ips from both providers assigned ips to the same internal webserver or if is dhcp just forward the port from assinged address.  Then use a third party DNS provider that allow forwarding with redundancy.

Option 3. Utilize dynamic DNS with a third party DNS provider.

Answer is NO.

thanhgiang
Level 1
Level 1

Thanks Daniel, I will try that.

Thanh

Hi,

1. ASA doesn't support BGP

2. ASA doesn't support load balancing but only primary/backup failover with static routing and tracking feature

3; as far as I know DynDNS client is not supported on ASA

Regards.

Alain

Don't forget to rate helpful posts.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco