Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
754
Views
5
Helpful
6
Replies

2x ASA 5516-X Single Context 3 ISP config

Go to solution
Will Milner
Level 1
Level 1

‎05-04-2016 08:13 AM - edited ‎03-12-2019 12:42 AM

Hello All,

I have just configured a HA Active/Standby pair of ASA 5516-X in single context mode with dual ISPs. I also have another ASA5510 with a separate ISP that we use for our public wifi VLAN(2). 

I would like to decommission the ASA 5510 and move the third ISP onto the 5516-X pair. I have already setup sub-interfaces for the VLANs on the HA pair, is it possible to route traffic from VLAN(2) to the third ISP without having to re-configure in multiple context mode ?

Many thanks,

Will 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rishabh Seth
Level 7
Level 7

‎05-04-2016 09:21 AM

Hi Will,

As per what you have explained above, I understand that you are currently having dual ISP setup and would like to introduce another ISP connection to 5516-x from 5510.

If you are planning to introduce new ISP only for routing traffic from specific source/ destination, then you can make use of policy based routing(PBR) which is available on 5516-x.

You can refer following link which has details of different use cases of PBR on ASA: click here

Hope it helps.

RS

Rate if you find answer helpful.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Rishabh Seth
Level 7
Level 7

‎05-04-2016 09:21 AM

Hi Will,

As per what you have explained above, I understand that you are currently having dual ISP setup and would like to introduce another ISP connection to 5516-x from 5510.

If you are planning to introduce new ISP only for routing traffic from specific source/ destination, then you can make use of policy based routing(PBR) which is available on 5516-x.

You can refer following link which has details of different use cases of PBR on ASA: click here

Hope it helps.

RS

Rate if you find answer helpful.

0 Helpful

Go to solution
James Leinweber
Level 4
Level 4
In response to Rishabh Seth

‎05-04-2016 10:58 AM

If you can upgrade to 9.6 you might also be able to do with the newfangled zones, I think.  Haven't tried it myself.

Go to solution
Will Milner
Level 1
Level 1
In response to James Leinweber

‎05-05-2016 01:53 AM

Hey James,

Thanks for your swift reply... Interesting.. Do you have any details on the newfangled zones? I can't find it in the release notes for 9.6 (albeit scan read)

Many thanks,

Will 

0 Helpful

Go to solution
James Leinweber
Level 4
Level 4
In response to Will Milner

‎05-05-2016 07:37 AM

Actually, now that I've re-read page 5-36 of the cisco ASA series command reference manual (T-Z ...) the "zone" command was introduced in 9.3(2).  Participating interfaces get a "zone member ..." attribute and do equal-cost multi-path routing across the ensemble.  Worth a further look, anyway.

I'm using a dual-fiber port-channel uplink to my ISP (the U. of Wisconsin-Madison), which has diverse paths to the internet, so it's not something I've needed to try.

0 Helpful

Go to solution
Will Milner
Level 1
Level 1
In response to Rishabh Seth

‎05-05-2016 01:50 AM

Hey Rishabh,

Wow thanks! I completely forgot about that... I have come from the ASA 5510 that didn't support PBR. Perfect! 

Many thanks,

Will 

0 Helpful

Go to solution
Rishabh Seth
Level 7
Level 7
In response to Will Milner

‎05-05-2016 02:04 AM

great !! :)

RS

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card