
Configure static route to connect two ISP

samansaadat
Level 1

Dear all

We have a Cisco firewall ASA-5510 which is configured to connect our users to one ISP. Recently we added a new ISP and our company wants to connect both ISPs to the network. I configured both connections, but to let our users use the internet we need to configure the new ISP (new interface) in the static routes. But in our model we cannot have two interfaces as default static routes (IP Address: 0.0.0.0, Mask: 0.0.0.0, Metric: 1).

Now I would like to ask what the best solution for our problem is. How can I configure our firewall in such a way that it will check the traffic of each ISP and route users to the ISP that has lower traffic? Is it possible?

Thank you so much

7 Replies

nkarthikeyan
Level 7

Hi Saman,

As far as I know, you cannot do that by looking at the traffic that passes using your firewall. If you have the 2 ISPs configured in your firewall with proper updates, then you can do this for load balancing.

Say outside1 and outside2 are your ISP connected interfaces.

route outside1 0.0.0.0 127.0.0.0

route outside2 128.0.0.0 127.0.0.0

You can do load balancing to some extent, but not completely.

Please do rate if the given information helps.

By

Karthik

Hi Karthik

Thank you for replying. Anyway, I didn't get what you mean.

route outside1 0.0.0.0 127.0.0.0

Is 127.0.0.0 the mask? If it is the mask, then it is an invalid mask. Can you explain which is the IP address, which is the mask and which is the metric?

Thank you again

Also, is there any way that I can configure the firewall to even randomly divide users between these two ISPs? How can I make both work in the network?

Thank you so much

Saman

Hi Saman,

Sorry for that mask confusion. It should be like this.

0.0.0.0 128.0.0.0 **** This will cover 0.0.0.0 to 127.0.0.0 ***

128.0.0.0 128.0.0.0 *** This will cover 128.0.0.0 to 255.0.0.0 ***

Randomly sending traffic is not possible in this scenario as far as I know. If you have 2 firewalls running in standalone mode, you can make 1 firewall take isp1 as primary and another as secondary. The other firewall will take isp2 as primary gateway and so on.

Please do rate if the given information helps.

By

Karthik

Hi Karthik

Sorry, I am kinda new to Cisco. Can you explain more?

Can you tell me in this configuration what is the IP address, what is the netmask, what is the metric and also what option I have to set?

Also, somebody told me that one solution is to make another gateway in the firewall and connect the other gateway to the other ISP and then divide users by using two different gateways. What do you think?

Again thank you

Hi Saman,

The scenario told by the other person is not possible in the firewalls. You can do that in routers using IP SLA. But in firewalls you cannot do that on a source basis. Whatever I have suggested is a workaround.....

0.0.0.0 128.0.0.0 **** This will cover 0.0.0.0 to 127.0.0.0 ***

128.0.0.0 128.0.0.0 *** This will cover 128.0.0.0 to 255.0.0.0 ***

So, for example, if you are trying yahoo.com, which has IP 12.1.1.1, this will take the outside1 route.

For google.com, if that IP address is 150.1.1.1, then it will take the outside2 route and go....

You can alter it accordingly... But this is a workaround... not a solution.... If you have the router, then you can make this load balancing have one source go via isp1 and the other source go via the other ISP....

Maybe the other experts in our forum can throw some light on this.

Please do rate if the given information helps.

By

Karthik

Hi Karthik

Wow, thank you so much for your help. So the best solution is still what you suggested, but I am still kinda confused about how to do this setup that you are suggesting. I really can't find a way to configure what you are suggesting, 'cause if I set ISP1 as IP: 0.0.0.0 Mask 0.0.0.0 and then set up ISP2 as IP 127.0.0.0 Mask 0.0.0.0, I still cannot divide it in two.

Or maybe what you are suggesting should not be done through static routing, 'cause I am thinking of a solution using static routing, and in static routing you have to set an IP and a mask, and I cannot set a range of IPs.

Again thank you

Patrick0711
Level 3

I think Karthik pretty much covered it.

There is no way to have two default routes or perform any kind of intelligent load-balancing.

You can use static routes to direct certain traffic across the two links, but you must specify destination networks.

As Karthik was suggesting:

0.0.0.0 128.0.0.0 **** This will cover 0.0.0.0 to 127.0.0.0 ***

128.0.0.0 128.0.0.0 *** This will cover 128.0.0.0 to 255.0.0.0 ***

The ASA supports redundant ISP links in an active/passive scenario but will not load-balance between them. 
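
The mask question raised in this thread can be checked offline. The following is an added example, not part of any post above: it validates the two masks discussed and performs a longest-prefix-match lookup over the corrected pair of routes, using the thread's interface names `outside1` and `outside2` and its two sample destination addresses. The function names are hypothetical and the lookup is a plain model of static routing, not ASA code.

```python
import ipaddress

def is_valid_mask(mask: str) -> bool:
    """A netmask is valid only if its 1-bits are contiguous from the left."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    # The inverted mask must look like 0...01...1, so adding 1 clears every set bit.
    return (inverted & (inverted + 1)) == 0

def build_table(routes):
    """Turn (interface, network, mask) tuples into (IPv4Network, interface) pairs."""
    table = []
    for iface, net, mask in routes:
        if not is_valid_mask(mask):
            raise ValueError(f"{mask} is not a contiguous netmask")
        table.append((ipaddress.IPv4Network(f"{net}/{mask}"), iface))
    return table

def lookup(table, dest: str):
    """Longest-prefix match: the most specific route covering dest wins."""
    addr = ipaddress.IPv4Address(dest)
    matches = [(net.prefixlen, iface) for net, iface in table if addr in net]
    return max(matches)[1] if matches else None

def coverage(table):
    """First and last destination address each interface's route covers."""
    return {iface: (str(net.network_address), str(net.broadcast_address))
            for net, iface in table}

# The corrected routes from the thread: two /1 networks splitting the IPv4 space.
SPLIT = build_table([
    ("outside1", "0.0.0.0", "128.0.0.0"),
    ("outside2", "128.0.0.0", "128.0.0.0"),
])

if __name__ == "__main__":
    for mask in ("127.0.0.0", "128.0.0.0"):
        print(mask, "valid mask" if is_valid_mask(mask) else "invalid mask")
    for iface, (first, last) in coverage(SPLIT).items():
        print(iface, first, "-", last)
    # Sample destinations used in the thread.
    for dest in ("12.1.1.1", "150.1.1.1"):
        print(dest, "->", lookup(SPLIT, dest))
```

The split depends only on the destination address, so a given site always leaves through the same ISP regardless of how busy either link is.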
