
Cisco ASA with two internet providers

macboy276
Level 1

Hi,

I would like to add another internet provider to my firewall.

I currently have AT&T with T1 lines and want to add Verizon or Comcast as a backup internet line, or divert some of the traffic to the new connections.

How could I achieve this? Basically, I want all my VPN or desktop virtual machine traffic to divert to the new lines.

Best regards

3 Replies

Can you run v9.4? Then you can use policy-based routing for that.

If you have one of the legacy ASAs you still can have two ISPs. One is primary and serves all outgoing traffic, the other is backup for outgoing traffic and can be used at the same time for S2S-VPNs and incoming connections.

Thanks Karsten. Right now I have an ASA 5505, but I am going to upgrade it to a 5512 before implementing multiple ISPs. I guess the 5512 runs on v9. Can you please provide me some sample configuration?

Thanks

The 5512-X can do WAN-failover even with the Base-license. Here is an example of a config:

interface GigabitEthernet0/0
 description ISP1
 nameif outside1
 security-level 0
 ip address 192.0.2.2 255.255.255.248
!
interface GigabitEthernet0/1
 description ISP2
 nameif outside2
 security-level 0
 ip address 198.51.100.2 255.255.255.248

sla monitor 1
 type echo protocol ipIcmpEcho 8.8.8.8 interface outside1
 num-packets 5
 frequency 30
sla monitor schedule 1 life forever start-time now

track 1 rtr 1 reachability

route outside1 0.0.0.0 0.0.0.0 192.0.2.1 1 track 1
route outside2 0.0.0.0 0.0.0.0 198.51.100.1 100

object network PAT-OUTSIDE1
 host 192.0.2.4
object network PAT-OUTSIDE2
 host 198.51.100.4

nat (any,outside1) after-auto source dynamic any PAT-OUTSIDE1
nat (any,outside2) after-auto source dynamic any PAT-OUTSIDE2
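
The policy-based routing option from the first reply, shown as an added example that is not part of the thread: it sends a desktop-VM subnet out ISP2 and lets that traffic fall back to the normal routing table when the ISP2 gateway stops answering. It assumes ASA 9.4 or later; the inside interface GigabitEthernet0/2, the 10.10.20.0/24 subnet and the PBR-VDI / PBR-TO-ISP2 names are hypothetical, while the ISP2 addresses are the ones used in the config above.

```cisco
! Added example. Assumptions (not from the thread): inside interface
! GigabitEthernet0/2, VDI subnet 10.10.20.0/24, and the names PBR-VDI
! and PBR-TO-ISP2. ISP2 addressing is taken from the config above.
!
! Probe the ISP2 gateway so the policy route is only used while ISP2 is up
sla monitor 2
 type echo protocol ipIcmpEcho 198.51.100.1 interface outside2
 num-packets 5
 frequency 30
sla monitor schedule 2 life forever start-time now
!
track 2 rtr 2 reachability
!
! Traffic to steer: only the VDI subnet
access-list PBR-VDI extended permit ip 10.10.20.0 255.255.255.0 any
!
! Matching traffic goes to the ISP2 gateway while track 2 is up;
! when track 2 is down the next hop is skipped and the routing table
! (tracked default route via outside1) is used instead
route-map PBR-TO-ISP2 permit 10
 match ip address PBR-VDI
 set ip next-hop verify-availability 198.51.100.1 1 track 2
!
! Apply the route-map on the interface where the VDI traffic enters
interface GigabitEthernet0/2
 policy-route route-map PBR-TO-ISP2
```

`show track 2`, `show route-map` and `show policy-route` confirm the probe state and that the route-map is bound to the ingress interface.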