cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
769
Views
0
Helpful
5
Replies

ASA 5520 2 ISP

redrobish
Level 1
Level 1

Hi experts,

I'm new to FW stuff and got a request if our ASA 5520 can handle 2 ISP? not to load balance or not standby/active but to use the 2 ISP at the same time and separately. for example, ISP_A who has 10m will be dedicated to the customer A/VLAN A, then ISP_B who has 4m will be for the rest of the customer's traffic. Can the ASA 5520 do traffic shaping or policy map just like in a normal router? if yes, hope some can provide samples...

hoping for the help.

thanks

1 Accepted Solution

Accepted Solutions

With a router, yes, it is possible as it supports PBR (Policy Based Routing). You will also need to configure NATing on the router instead of the ASA, and basically ASA will only provide the protection and security, while the NATing and routing is handled by the router. On the ASA, you will just need to disable NATing (no nat-control) and route the traffic to the router, and router would actually see the 2 subnets/clients real IP so it can be routed and NATed accordingly.

View solution in original post

5 Replies 5

Jennifer Halim
Cisco Employee
Cisco Employee

No, unfortunately ASA can't be configured to have 2 default gateways going to 2 different ISP/interfaces.

Hi Jennifer, thanks for the quick reply.

What if I put a router say, a 2911, which has 3 interfaces so I can configure the router to have 2 default gateways via policy map and can have a dedicated bandwitdh. then connect it to the ASA5520. Now can the ASA do the separation of the network for those 2 traffics? How anyone can provide samples...

thanks

With a router, yes, it is possible as it supports PBR (Policy Based Routing). You will also need to configure NATing on the router instead of the ASA, and basically ASA will only provide the protection and security, while the NATing and routing is handled by the router. On the ASA, you will just need to disable NATing (no nat-control) and route the traffic to the router, and router would actually see the 2 subnets/clients real IP so it can be routed and NATed accordingly.

I see, thanks Jennifer.

Just a follow up...

what if I want to separate the 2 ISP with each of its bandwidth, so will do policy map right? So I need to do Natting on the on the ASA since we need to map servers out to ISP B...like this with just one router (2911).

Client A ----ISP A ---------Router (bandwidth 4mbps) -------ASA ----------Core switch (Vlan 10)

Everyone ----ISP B ---------Router (bandwidth 6mbps) -------ASA ----------Core switch (rest of the Vlans)

Will this be possible since it was mentioned from above that I need to disable the Natting on the ASA?

Hope this is clear!

Thanks

Review Cisco Networking for a $25 gift card