2119 Views · 0 Helpful · 2 Replies
it
Beginner

ASA routing traffic out MPLS, VPN, and ISP?

Hi,

I hope this is the right place to post this question....

I currently have an ASA5510 (software version 8.2.5) which I'm using as my firewall and VPN. I have an IPsec tunnel between my office and our HQ office. The ASA is also serving as the client VPN termination point.

For routing internally at my office, all I have is a Catalyst 3560 doing static VLAN routing, and the ASA's inside interface is the default gateway for the 3560.

The next step is to add an MPLS circuit between the 2 offices.

The IPsec tunnel between the two offices is working fine, but once the MPLS is installed, we want to send all pertinent traffic over MPLS, and use the IPsec tunnel as a backup in case the MPLS goes down.

So all traffic leaving the branch office network would be handled by the ASA. The ASA would either send the traffic out the MPLS (or over the IPsec tunnel if the MPLS was down), or out to the internet if not destined for one of the HQ networks.

Can the 5510 do all of this? 

Thanks for any insights!

2 REPLIES
sean_evershed
Rising star

One potential solution is to use IP SLA to failover to your secondary link. See below:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Don't forget to rate helpful posts.
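To make the IP SLA approach concrete for the setup described in the question (ASA 8.2, policy-based L2L tunnel to HQ on the outside interface, a new interface toward the MPLS handoff), here is an added configuration sketch. It is not from the linked Cisco document or from the poster; interface names (`mpls`, `outside`), subnets and next-hop addresses are constructed placeholders, and it assumes the ASA 8.2 `nat 0` syntax the questioner's software version uses.

```cisco
! Added example, not the poster's configuration. Constructed values:
!   inside  = branch LAN 192.168.10.0/24 (3560 default gateway is this ASA)
!   mpls    = new ASA interface toward the MPLS CE/PE, next hop 10.254.0.1
!   outside = ISP interface that already carries the IPsec L2L tunnel to HQ
!   HQ LAN  = 192.168.100.0/24, with a host 192.168.100.1 reachable via MPLS
!
! 1. Probe a host at HQ, forced out the MPLS interface regardless of the
!    routing table, so the probe keeps running after the route is withdrawn.
sla monitor 10
 type echo protocol ipIcmpEcho 192.168.100.1 interface mpls
 num-packets 3
 frequency 10
sla monitor schedule 10 life forever start-time now
!
! 2. Track object 1 follows the probe: up while HQ answers, down when it fails.
track 1 rtr 10 reachability
!
! 3. Primary path: HQ prefix via MPLS, removed from the table when track 1 is down.
route mpls 192.168.100.0 255.255.255.0 10.254.0.1 1 track 1
!
! 4. Backup path: same prefix out the ISP interface with a worse metric.
!    When it becomes active, HQ-bound traffic leaves via "outside", matches the
!    crypto-map ACL and is carried by the existing IPsec tunnel (8.2 has no VTI).
route outside 192.168.100.0 255.255.255.0 203.0.113.1 254
!
! 5. Everything that is not an HQ network still goes to the Internet as before.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
!
! 6. NAT exemption must cover branch-to-HQ traffic on both exits, otherwise the
!    failed-over flows get PATed and no longer match the crypto ACL.
access-list NONAT extended permit ip 192.168.10.0 255.255.255.0 192.168.100.0 255.255.255.0
nat (inside) 0 access-list NONAT
```

Two things to check when testing a design like this: `show route` and `show track 1` should flip together when the probe target is blackholed, and the probe target has to be something that only answers over MPLS, or the track will never go down even though the circuit has.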

This type of solution with an ASA is quite difficult to set up; in my experience you would be far better off using a router with the firewall feature set, as you have better options for configuring the IPsec L2L tunnels. ASAs are great for remote access (client) VPNs, but limited for L2L use.

Routers allow you to set up either VTI- or DMVPN-based tunnels, both of which support a dynamic routing protocol across the tunnel, so the tunnel looks like another P2P circuit to your core, and can have routing metrics or floating statics applied.

Andy
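As an added illustration of the router-based design in the reply above (not the replier's own configuration), here is an IOS sketch in which a VTI to HQ is treated as a routed point-to-point link: EIGRP runs across the tunnel, and the MPLS circuit is preferred purely by administrative distance because the HQ prefixes also arrive via eBGP from the provider. All addresses, AS numbers and the pre-shared key are constructed placeholders, and the example assumes the MPLS provider peers BGP with the CE router and that HQ advertises the same prefixes over both paths.

```cisco
! Added example, not the poster's configuration. Constructed values:
!   Gi0/0 = ISP uplink (tunnel source), HQ VPN peer 203.0.113.2
!   Gi0/2 = MPLS CE-PE link 10.254.0.2/30, PE is 10.254.0.1 in AS 65000
!   branch LAN 192.168.10.0/24, VTI link net 10.255.0.0/30
!
! IKE / IPsec for the VTI
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key PLACEHOLDER-PSK address 203.0.113.2
!
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
 mode tunnel
crypto ipsec profile VTI-HQ
 set transform-set TS-AES
!
! The tunnel is a real routed interface: no crypto ACL, routing decides what
! enters it, so a routing protocol can treat it like any other P2P circuit.
interface Tunnel0
 description IPsec VTI to HQ (backup path)
 ip address 10.255.0.2 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel mode ipsec ipv4
 tunnel destination 203.0.113.2
 tunnel protection ipsec profile VTI-HQ
!
interface GigabitEthernet0/2
 description MPLS CE-PE link (primary path)
 ip address 10.254.0.2 255.255.255.252
!
! EIGRP only across the tunnel; LAN is advertised but stays passive.
router eigrp 100
 network 10.255.0.0 0.0.0.3
 network 192.168.10.0 0.0.0.255
 passive-interface default
 no passive-interface Tunnel0
!
! eBGP to the MPLS provider. HQ prefixes learned here have AD 20 and beat the
! same prefixes learned via EIGRP (AD 90) over the tunnel; when the BGP session
! drops, the EIGRP route through Tunnel0 is installed automatically.
router bgp 65010
 neighbor 10.254.0.1 remote-as 65000
 neighbor 10.254.0.1 timers 10 30
 network 192.168.10.0 mask 255.255.255.0
!
! Internet-bound traffic still follows the default route via the ISP.
ip route 0.0.0.0 0.0.0.0 203.0.113.1
```

The shortened BGP timers bound how long HQ traffic blackholes before the tunnel path takes over; without them the default hold time applies. If the provider does not run BGP with the CE, the equivalent is a static route toward the PE for the HQ prefixes (AD 1) and the EIGRP route over the VTI as the floating backup, which is the "floating statics" option the reply mentions.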
