ASA Dual ISP

Good day guys.

I'm new to security, so I hope what I post makes sense. I want to introduce a new firewall connecting two ISPs and to a Layer 3 core switch (see attached drawing). My question is, if I'm running a point-to-point 10.10.1.0/30 network between the LAN Core Switch and the ASA, do I still have to NAT and how will the configuration be? I have several subnets behind the Core switch such as Wireless, LAN, CCTV, Voice etc. By this I mean I have a default route pointing to the core switch.

3 Replies

Philip D'Ath
VIP Alumni

All of the IP addresses in your diagram are private - even the ones from your ISPs, which is unusual.

Are both of your ISPs really giving you circuits with private IP addresses on them?

Are you wanting to use the circuits for just outbound active/standby failover support, or did you have something else in mind?

Hi Philip,

Yes, you are right, the two IPs to the ISPs will be public. We will also be setting up AnyConnect VPN.

If you are planning to try 9.6 series firmware (I'm way back on 9.4 myself) it looks to me like the new ASA "zone" functionality (completely different from router security zones) is designed to help you talk to multiple ISPs. This has been a historical pain point with ASA.
