Dual ISP implementation on ASA - ISP1 Incoming ISP2 Outgoing Not working

Boon Keat Gan

Hi,

I am following the article at this link (https://supportforums.cisco.com/document/139051/dual-isp-implementation-asa) to implement scenario 1.

The version I am using is Cisco Adaptive Security Appliance Software Version 8.4(7)23.

We currently have 2 ISP links. ISP2 will be used for all the outgoing traffic and ISP1 will be used for incoming traffic for Web Hosting and SSLVPN, which are hosted on Interface Gi0/0 Internet.

A weird behaviour occurs and I have no clue how to resolve it.

Scenario 1:-

Route all traffic (Outgoing) to ISP1 - Both outgoing and incoming services work like a charm. No issues.

Scenario 2:-

Route Outgoing traffic to ISP2 - Outgoing traffic is working but incoming services fail. Is there anything I can troubleshoot? I appreciate your help.

Accepted Solutions

teatrodelsogno

Hi,

PBR on ASA is not supported. It could be used in your scenario, but you can't.

My suggestion is to deploy the ASA in "multicontext" mode. In this way you can have "two virtualized" firewalls to route traffic whichever way you want.

Let me know,

regards

3 Replies

Rishabh Seth

Hi,

How are you configuring routes?

Is ISP1 or ISP2 configured as default route?

What ASA hardware are you using?

Thanks,

RS

They are independent ASAs (virtual ASAs), so the routing tables are completely different (like VRFs).

One ISP is associated with asa1virtual, the second one with asa2virtual.
The default gateway will point to different IP addresses belonging to the different ISPs in the different virtual ASAs.

For hardware you need at least one 5512x
License for multicontext

thanks and regards
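
The two-context layout described in the reply above, sketched as an added configuration example that is not part of the original thread or taken from any poster's device. The context names asa1virtual and asa2virtual come from the reply; the interface numbers, config file names and IP addresses are assumed placeholders.

```text
! Added example. Interface numbers, file names and addresses are placeholders
! (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).
!
! --- System execution space (mode multiple is entered once; the ASA reloads) ---
mode multiple
!
interface GigabitEthernet0/0
 no shutdown
interface GigabitEthernet0/1
 no shutdown
interface GigabitEthernet0/2
 no shutdown
interface GigabitEthernet0/3
 no shutdown
!
admin-context admin
context admin
 allocate-interface Management0/0
 config-url disk0:/admin.cfg
!
context asa1virtual
 allocate-interface GigabitEthernet0/0
 allocate-interface GigabitEthernet0/2
 config-url disk0:/asa1virtual.cfg
!
context asa2virtual
 allocate-interface GigabitEthernet0/1
 allocate-interface GigabitEthernet0/3
 config-url disk0:/asa2virtual.cfg
!
! --- changeto context asa1virtual (ISP1 side: inbound services) ---
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.2 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.0.2.1
!
! --- changeto context asa2virtual (ISP2 side: outbound traffic) ---
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.0
route outside 0.0.0.0 0.0.0.0 198.51.100.1
```

Running `show route` inside each context should list only that context's default route, which confirms the routing tables are separate. Multiple context mode does not offer every single-mode feature on every release, so confirm that SSL VPN is supported in multiple context mode on the target software version before converting.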
