02-18-2009 09:50 PM - edited 03-11-2019 07:53 AM
Hi,
I have to sugest a solution to my customer which can support 02 different ISPs simultaneously in active mode on ASA5505-SEC-BUN-K9. Is this solution possible.
Thanks & Regards
02-20-2009 07:44 AM
Yes although load balancing isn't supported multiple default routes are through object tracking.
02-26-2009 03:01 AM
Hi Thanks for your comment, it would be nice if you can explain more or give an example.
Thanks & Regards
02-27-2009 05:24 AM
Pls explain with an example, it would be really nice.
Thanks & Regards
03-03-2009 12:28 AM
Pls explain with an example, it would be really nice.
Thanks & Regards
03-03-2009 09:56 AM
Hello
First of all you can't have two ISP active at the same time in an ASA5505. This is because the ASA can only handle one default route.
The workaround would ony work whenever you know the destination you are looking for:
Lets assume this:
outside: 5.5.5.5 /27
inside: 10.10.10.0 /24
backup: 6.6.6.6/27
Interface backup is the secondary ISP
As default route you got:
route outside 0 0 5.5.5.6
for nat:
nat (inside) 1 0 0
global (outside) 1 interface
All unknown traffic from inside would use the default route and would be leaving through 5.5.5.6
The only way to force traffic out through the backup interface would be to know which destination you are looking for and force it through the secondary ISP
for example, adding a route like this:
route backup 200.0.0.0 255.0.0.0 6.6.6.7
All traffic meant to network 200.0.0.0/8 would leave through backup interface, using secodnary ISP. This is the only way to force traffic through a secondary ISP, and it will not create load balancing.
About previous reply of using object tracking that would be for using a Backup ISP. This means as soon as your primary ISP goes down, the secondary would take over:
Cheers
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: