2 ISP Lines, each for Incoming and Outgoing Purpose

noorzulfadli.mustafa · ‎03-18-2013

Dear Experts,

I am currently having a situation where there are 2 separate ISP lines connecting to the ASA 5512-X:

Lease line with a range of fix public IP
Line with dynamic public IP

My planning was to make the line 1 for incoming traffic and line 2 for outgoing traffic.

Therefore, I am seeking for your experts opinion on this design whether it is achievable or not.

ASA Version: 8.6

Sorry if similar thread already posted before.

Thank you in advance for your help.

Regards,

Zul

jocamare · ‎03-18-2013

This is a no.

What you described is a difficult thing to do, it's also a bad thing to do.

It causes asymetric routing, that's a bad thing to have in a network.

You can configure load-balancing though.

The asa will need to be working in multiple-context mode.

noorzulfadli.mustafa · ‎03-18-2013

Thank you jocamare for your reply,

I was just thinking to separate the network for incoming and outgoing traffic.

Do you think load balancer have that kind of feature? To separate the incoming and outgoing traffic?

Regards,

Zul

jocamare · ‎03-18-2013

I don't think they have such a feature.

The problem is that it doesn't make much sense to have that, first it creates asymmetric routing, which is a bad thing to have, for several reasons.

Then, personally, i don't see what will be the use of that.

I know that you will have a dedicated interface just for one thing, but since they support both incoming and outgoing traffic at the same time it will be a waste of resources on the device.

You can always combine the resources of the interfaces in a single interface and have superior performance and redundancy.