Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
448
Views
0
Helpful
7
Replies

ASA Active standby with dual ISP terminated on two different router

sajid231088
Level 1
Level 1

ā€Ž02-06-2023 06:03 AM

Hi Experts,

Hope you all are doing well.

please help me in below.

We have two ASA configured in Active/Standby, at present we have single ISP but we are going to have second ISP soon.

new topology would be : 

ISP RTR1 -----> ASA1 ------> Core SW1

ISP RTR 2 ----> ASA2 ------> Core SW2

need to know, can i directly connect ISP link with ASA or do i need any Switch in between

If, any switch required what would be switch and ASA configuration  OR  if switch not required then what would be a ASA(both ASA) configuration.

Thanks,

 

0 Helpful
7 Replies 7

Karsten Iwen
VIP
VIP

ā€Ž02-06-2023 06:15 AM

It is very likely that you need an additional switch. Both outside interfaces of both ASAs need to see each other. For Example:

  • outside1 of ASA1 and ASA2 connect to ISP1
  • outside2 of ASA1 and ASA2 connect to ISP2

If the ISP device has two ports you can connect both ASAs to it. But it is quite common that the ISP device only has one port. Here you need a switch to connect both ASAs to the ISP router.

0 Helpful

sajid231088
Level 1
Level 1
In response to Karsten Iwen

ā€Ž02-06-2023 06:20 AM

Thanks Karsten,

any configuration reference for both ASAs.

0 Helpful

Rob Ingram
VIP
VIP

ā€Ž02-06-2023 06:15 AM

@sajid231088 you should connect the ASA outside interfaces into a switch, in the same vlan as an isp router. That way both ASA can communicate to the isp router.

0 Helpful

Kasun Bandara
VIP
VIP

ā€Ž02-06-2023 06:15 AM

if your ISP gives 2 lines for same connection you can connect that to two ASAs. or use switch between ASAs and ISP router. then connect ISP to switch and 2 cables from switch to 2 ASAs

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB
0 Helpful

sajid231088
Level 1
Level 1
In response to Kasun Bandara

ā€Ž02-06-2023 06:19 AM

Thanks Kasun for your reply.

I have two different ISPs and IP address provided is also from different network, In such case do i need SW in between or without switch also it will work

 

0 Helpful

Kasun Bandara
VIP
VIP
In response to sajid231088

ā€Ž02-06-2023 06:29 AM - edited ā€Ž02-06-2023 06:32 AM

if you have 2 ISPs, each needs to connect to both ASAs using 2 links. for ex,

                               --------->ISP1 network ----> ASA1

ISP1---->               --------->ISP2 network ----> ASA1

                    Switch 

ISP2---->                  --------->ISP1 network ----> ASA2

                                  --------->ISP2 network ----> ASA2

 

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card