03-04-2015 06:44 PM - edited 03-11-2019 10:35 PM
Hi!
I need some help finding a way to configure my ASA appliance for the following setup.
I have 2 connections to the Internet from a single ISP, both of which receive their IP configuration through DHCP. I know that over time the netmask and next value change without any notice, but the IP address of each interface will never change. Also, it may happen to get the same MAC address for both next-hop IPs, which would be different for each ISP connection.
I need to have one interface normally used for Internet traffic and the other one for VPN traffic. In case one of those links fails, the traffic needs to be directed to the remaining connection.
Can someone help me with this?
Thanks!
03-04-2015 09:18 PM
Hi Xine,
Please refer to the link below to configure ISP redundancy on Cisco ASA.
http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/70559-pix-dual-isp.html
This can be achieved with IP SLA; what IP SLA does is track the remote IP via the link, and if one of the links goes down, the routing table will switch to the standby ISP.
Regards,
Tushar Bangia
Note: Please do rate posts if you find them helpful!!
03-05-2015 03:05 AM
The basic setup for this scenario will be the DualISP primary/backup.
For VPN, it depends what you need:
For remote-Access-VPN, just point your clients to the IP-address of your secondary internet-link.
For Site-2-Site I don't think that it will work to put that traffic on the secondary link as there is no way (that I know) to configure a static route to a next-hop that is learned by DHCP.
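An added example, not part of any reply above and not copied from the linked Cisco document: a sketch of the primary/backup default-route failover the replies describe, for the case where both links get their addressing from DHCP. The interface names, `nameif` labels, SLA and track IDs, timers and the monitored address are assumptions; it covers only default-route failover, not steering VPN traffic onto the second link.

```cisco
! Added example. Assumed names: GigabitEthernet0/0 = primary ("outside"),
! GigabitEthernet0/1 = secondary ("backup").
! 192.0.2.1 is a placeholder: replace it with a stable host that is
! reachable only through the primary link and answers ICMP echo.

! Probe the monitored host through the primary interface.
sla monitor 123
 type echo protocol ipIcmpEcho 192.0.2.1 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 123 life forever start-time now

! Track object 1 is up while the probe succeeds.
track 1 rtr 123 reachability

! Primary link: the DHCP-learned default route is tied to track 1,
! so it is withdrawn when the probe fails.
! The "dhcp client route" lines must be entered before
! "ip address dhcp setroute" for them to apply to the learned route.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 dhcp client route track 1
 dhcp client route distance 1
 ip address dhcp setroute

! Secondary link: DHCP-learned default route with a worse
! administrative distance, used only when the primary route is gone.
interface GigabitEthernet0/1
 nameif backup
 security-level 0
 dhcp client route distance 254
 ip address dhcp setroute
```

After applying it, `show track 1` and `show route` show whether the probe is up and which default route is installed. Interface ACLs and NAT rules need to cover the `backup` interface as well, or failover traffic will not be filtered and translated the same way as on `outside`.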