https://community.cisco.com/t5/network-security/two-outside-interface/m-p/2356720#M307094 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>To my understanding the inbound connections will work from both ISPs to this hosts and connections from each ISP will have their return traffic forwarded according to the existing XLATE on the firewall.</P><P></P><P>However when the actual server forms a connection outbound it will only use the ISP which holds the current active default route.</P><P></P><P>- Jouni</P></BODY></HTML> Sun, 15 Dec 2013 17:27:17 GMT Jouni Forss 2013-12-15T17:27:17Z https://community.cisco.com/t5/network-security/two-outside-interface/m-p/2356717#M307090 <P>Hi, </P><P></P><P>I have got the cisco ASA 5520 with the following ip address:</P><P></P><P>Example purpose only:</P><P>=======================</P><P><SPAN style="font-size: 10pt;">Outside5: 8.8.8.0/24 (connected to ISP1)</SPAN></P><P><SPAN style="font-size: 10pt;">interface5: 10.10.0.0/16 (Connected to LAN)</SPAN></P><P></P><P></P><P><SPAN style="font-size: 10pt;">static (interface5,outside5) 8.8.8.8 10.10.10.10 netmask 255.255.255.255</SPAN></P><P></P><P>I have got the above scenario and working well on the live environment. </P><P></P><P>Now I am planning to add another ISP as follows: </P><P></P><P>Outside10: 7.7.7.0/24 (Connected to ISP2)</P><P></P><P>Upto this their will be no any trouble. </P><P></P><P>But will the following statement works ? If it does work how will it route ?</P><P></P><P>static (interface5,outside10) 7.7.7.7 10.10.10.10 netmask 255.255.255.255</P><P></P><P></P><P>Regards, </P><P></P><P>Mero</P> Tue, 12 Mar 2019 03:18:04 GMT https://community.cisco.com/t5/network-security/two-outside-interface/m-p/2356717#M307090 Mero Cisco 2019-03-12T03:18:04Z https://community.cisco.com/t5/network-security/two-outside-interface/m-p/2356718#M307091 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>It will probably work for the incoming/inbound connections towards the IP address 7.7.7.7. Connection will come through the ISP2 and return traffic will flow through ISP2 also.</P><P></P><P>I think however that the host 10.10.10.10 will only form outbound connections through ISP1 if its holding the default route.</P><P></P><P>- Jouni</P></BODY></HTML> Sun, 15 Dec 2013 14:27:31 GMT https://community.cisco.com/t5/network-security/two-outside-interface/m-p/2356718#M307091 Jouni Forss 2013-12-15T14:27:31Z https://community.cisco.com/t5/network-security/two-outside-interface/m-p/2356719#M307093 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P>Will the inbound traffic come from isp1 also. </P><P>Actually 10.10.10.10 is the public web server and I want to maintain isp fail over. Will this concept work ? Both public ip will be registered as dns. </P><P></P><P>Regards</P></BODY></HTML> Sun, 15 Dec 2013 17:17:56 GMT https://community.cisco.com/t5/network-security/two-outside-interface/m-p/2356719#M307093 Mero Cisco 2013-12-15T17:17:56Z https://community.cisco.com/t5/network-security/two-outside-interface/m-p/2356720#M307094 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>To my understanding the inbound connections will work from both ISPs to this hosts and connections from each ISP will have their return traffic forwarded according to the existing XLATE on the firewall.</P><P></P><P>However when the actual server forms a connection outbound it will only use the ISP which holds the current active default route.</P><P></P><P>- Jouni</P></BODY></HTML> Sun, 15 Dec 2013 17:27:17 GMT https://community.cisco.com/t5/network-security/two-outside-interface/m-p/2356720#M307094 Jouni Forss 2013-12-15T17:27:17Z