Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
772
Views
0
Helpful
5
Replies

ASA 5520 2 ISP

Go to solution
redrobish
Level 1
Level 1

‎02-14-2011 05:58 PM - edited ‎03-11-2019 12:50 PM

Hi experts,

I'm new to FW stuff and got a request if our ASA 5520 can handle 2 ISP? not to load balance or not standby/active but to use the 2 ISP at the same time and separately. for example, ISP_A who has 10m will be dedicated to the customer A/VLAN A, then ISP_B who has 4m will be for the rest of the customer's traffic. Can the ASA 5520 do traffic shaping or policy map just like in a normal router? if yes, hope some can provide samples...

hoping for the help.

thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to redrobish

‎02-14-2011 06:33 PM

With a router, yes, it is possible as it supports PBR (Policy Based Routing). You will also need to configure NATing on the router instead of the ASA, and basically ASA will only provide the protection and security, while the NATing and routing is handled by the router. On the ASA, you will just need to disable NATing (no nat-control) and route the traffic to the router, and router would actually see the 2 subnets/clients real IP so it can be routed and NATed accordingly.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎02-14-2011 06:10 PM

No, unfortunately ASA can't be configured to have 2 default gateways going to 2 different ISP/interfaces.

0 Helpful

Go to solution
redrobish
Level 1
Level 1
In response to Jennifer Halim

‎02-14-2011 06:28 PM

Hi Jennifer, thanks for the quick reply.

What if I put a router say, a 2911, which has 3 interfaces so I can configure the router to have 2 default gateways via policy map and can have a dedicated bandwitdh. then connect it to the ASA5520. Now can the ASA do the separation of the network for those 2 traffics? How anyone can provide samples...

thanks

Preview file
166 KB
0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to redrobish

‎02-14-2011 06:33 PM

With a router, yes, it is possible as it supports PBR (Policy Based Routing). You will also need to configure NATing on the router instead of the ASA, and basically ASA will only provide the protection and security, while the NATing and routing is handled by the router. On the ASA, you will just need to disable NATing (no nat-control) and route the traffic to the router, and router would actually see the 2 subnets/clients real IP so it can be routed and NATed accordingly.

0 Helpful

Go to solution
redrobish
Level 1
Level 1
In response to Jennifer Halim

‎02-14-2011 06:39 PM

I see, thanks Jennifer.

0 Helpful

Go to solution
redrobish
Level 1
Level 1
In response to redrobish

‎02-24-2011 07:42 PM

Just a follow up...

what if I want to separate the 2 ISP with each of its bandwidth, so will do policy map right? So I need to do Natting on the on the ASA since we need to map servers out to ISP B...like this with just one router (2911).

Client A ----ISP A ---------Router (bandwidth 4mbps) -------ASA ----------Core switch (Vlan 10)

Everyone ----ISP B ---------Router (bandwidth 6mbps) -------ASA ----------Core switch (rest of the Vlans)

Will this be possible since it was mentioned from above that I need to disable the Natting on the ASA?

Hope this is clear!

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card