
Backup ISP Failover

Hi Guys

I am a Cisco beginner and I would like to know how I can do an ISP failover.

My set up

ASA5510 

Int 0/0 WAN

Int 0/1 Inside

Int 0/2 

Int 0/2.2 Voice Vlan120

Int 0/2.31 Wifi Vlan160

Int 0/3 SIP

MGMT Failover to secondary Firewall. 

I would like to add our backup ISP to it; as you can see, we have run out of ports on the ASA. Is there a way we can trunk or tunnel from one of the switch ports to run a ping and if primary ISP fails the backup ISP port becomes active?

Any suggestions?

Thanks

1 REPLY

If you can patch both WAN ports into a switch that can speak VLANs (dot1q) and trunk them to int 0/0 and create subinterfaces as you've done with int 0/2 and tag the correct VLAN, that will get round your lack of ports.

To fail over between WAN links, look at IP SLA such as below.

route primary-isp 0.0.0.0 0.0.0.0 1.1.1.1 1 track 1
! high admin cost
route backup-isp 0.0.0.0 0.0.0.0 2.2.2.2 254

track 1 rtr 10 reachability

! Example: I am pinging the default GW address
sla monitor 10
 type echo protocol ipIcmpEcho 1.1.1.1 interface primary-isp
 num-packets 3
 frequency 10
sla monitor schedule 10 life forever start-time now

If you're PAT'ing for outbound traffic, you will need to make sure you configure for the backup ISP.

Example

object network Inside1
 subnet blah
 nat (inside,primary-isp) dynamic interface
object network Inside2
 subnet blah
 nat (inside,backup-isp) dynamic interface

Here's an article: http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118962-configure-asa-00.html

Joel
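
An added example, not part of the reply above and not Cisco code: a small Python check that reads an ASA config and reports the gaps the reply warns about, such as a default route whose interface has no PAT rule, or a tracked route whose SLA monitor is missing or never scheduled. The names audit_failover and _grab, the sample config and the inside subnet 192.168.1.0/24 are assumptions made for the illustration.

```python
import re

# Constructed sample: the reply's failover config with the backup-isp PAT
# rule left out. The inside subnet is a made-up value.
SAMPLE_CONFIG = """\
route primary-isp 0.0.0.0 0.0.0.0 1.1.1.1 1 track 1
route backup-isp 0.0.0.0 0.0.0.0 2.2.2.2 254
track 1 rtr 10 reachability
sla monitor 10
 type echo protocol ipIcmpEcho 1.1.1.1 interface primary-isp
 num-packets 3
 frequency 10
sla monitor schedule 10 life forever start-time now
object network Inside1
 subnet 192.168.1.0 255.255.255.0
 nat (inside,primary-isp) dynamic interface
"""

ROUTE = re.compile(r"route (\S+) 0\.0\.0\.0 0\.0\.0\.0 \S+(?: \d+)?(?: track (\d+))?$")

def _grab(pattern, lines):
    """All regex matches of `pattern` anchored at the start of each line."""
    return [m for m in (re.match(pattern, l) for l in lines) if m]

def audit_failover(config):
    """Hypothetical helper: list gaps in an ASA dual-ISP failover config."""
    lines = [l.strip() for l in config.splitlines()]
    routes = _grab(ROUTE, lines)                       # default routes only
    tracks = {m[1]: m[2] for m in _grab(r"track (\d+) rtr (\d+) reachability$", lines)}
    slas = {m[1] for m in _grab(r"sla monitor (\d+)$", lines)}
    scheduled = {m[1] for m in _grab(r"sla monitor schedule (\d+) ", lines)}
    nat_egress = {m[1] for m in _grab(r"nat \([^,]+,([^)]+)\)", lines)}

    findings = []
    if not any(m[2] for m in routes):
        findings.append("no default route is tracked, so failover never triggers")
    for m in routes:
        ifname, track = m[1], m[2]
        if ifname not in nat_egress:
            findings.append(f"no NAT/PAT rule egressing {ifname}")
        if track is None:
            continue                                   # floating backup route
        if track not in tracks:
            findings.append(f"route via {ifname} uses undefined track {track}")
        elif tracks[track] not in slas:
            findings.append(f"track {track} points at missing sla monitor {tracks[track]}")
        elif tracks[track] not in scheduled:
            findings.append(f"sla monitor {tracks[track]} is never scheduled")
    return findings
```

Run against the sample, it flags only the missing backup-isp PAT rule; traffic would fail over at the routing layer but leave untranslated.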
