Failover With two ASA Active/Active

zain_gabon
Level 1

Hi Support,

I have one ASA configured on one Internet provider.

My boss installed a second provider link and asked me to make both links work simultaneously.

How can I configure both ASAs with different ISPs to work simultaneously?

Find attached the small diagram.

Thanks in advance.


14 Replies

varrao
Level 10

Hi Zain,

What exactly is your requirement? Do you want to use these two ISPs for different sites, or do you want to enable redundancy for the two ISPs, so that if one ISP goes down, the traffic should flow from the secondary ISP?

If you want to configure multiple contexts on the ASA, here is a doc for it:

http://www.cisco.com/en/US/partner/docs/security/asa/asa82/configuration/guide/contexts.html

If you want to configure redundancy for ISP link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

If you configure multiple contexts, then please have a look at the limitations:

Multiple context mode does not support the following features:

Dynamic routing protocols

Security contexts support only static routes. You cannot enable OSPF, RIP, or EIGRP in multiple context mode.

VPN

Multicast routing. Multicast bridging is supported.

Threat Detection

Phone Proxy

QoS

Hope this helps,

Thanks,

Varun

Thanks,
Varun Rao

Hi Varun,

Thanks for the quick response,

I want to enable redundancy for the two ISPs, so if one ISP goes down, the traffic should flow from the secondary ISP.

Both ASAs are configured on the same local subnet.

Regards

Hi Zain,

Then yes, the second document that I gave you is for ISP link redundancy. Please follow the exact configuration; once you are done, you can test it by removing the primary ISP link, and the internet would fail over to your secondary link.

If you face any issues with it, do let me know.

Thanks,

Varun

Thanks,
Varun Rao

Hi Varun,

The document you gave is for the same ASA;

in my case, I have two ASAs:

one ASA on ISP 1,

the second ASA on ISP 2, and I want to make these Active/Active using both ISPs,

so when one ISP goes down, the second takes all the traffic.

Regards

Hi Zain,

Could you just verify if the two ASAs that you have are also currently running in Active/Standby failover as well?

Thanks,

Varun

Thanks,
Varun Rao

Dear Varun,

I want to add the second ASA as well with the second ISP.

For the moment, only one ASA is running with the first ISP;

I want to add the second ASA configured with the second ISP and make failover.

Regards

Hi Zain,

There are two options here:

First option:

You configure both the ISP links on the same ASA; in that case as well, if ISP1 goes down, internet would flow through ISP2.

Second Option:

You have two ASAs in active/standby failover, and you also want to configure failover for the ISP link.

If ASA1 goes down, all the traffic would go through ASA2, but if ISP1 goes down, then the traffic would go through ASA1 only but from ISP2.

Do let me know what you are planning (because there would be different situations as well in the second option).

Thanks,

Varun

Thanks,
Varun Rao

Dear Varun,

I want the second option, but I want the ASAs in Active/Active, with both ASAs on both ISPs.

Is it possible?

Dear Varun,

I want option 2 with two ASAs in Active/Active, each ASA on a different ISP.

Is it possible?

Hi Zain,

This option is also available for active/active failover. But I would request you to kindly go through the limitations of configuring multiple contexts before doing it.

Thanks,

Varun

Thanks,
Varun Rao

Thanks Varun,

find the sh version of both ASAs.

Sorry,

Find the sh version of both ASAs,

do you think it's possible?

Thanks

ASA-PRIMARY# sh ver

Cisco Adaptive Security Appliance Software Version 8.3(2)
Device Manager Version 6.3(4)53

Compiled on Fri 30-Jul-10 17:49 by builders
System image file is "disk0:/asa832-k8.bin"
Config file at boot was "startup-config"

ASA-PRIMARY up 17 hours 7 mins

Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.06
0: Ext: GigabitEthernet0/0  : address is 5475.d0ba.604a, irq 9
1: Ext: GigabitEthernet0/1  : address is 5475.d0ba.604b, irq 9
2: Ext: GigabitEthernet0/2  : address is 5475.d0ba.604c, irq 9
3: Ext: GigabitEthernet0/3  : address is 5475.d0ba.604d, irq 9
4: Ext: Management0/0       : address is 5475.d0ba.604e, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5
             
Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited      perpetual
Maximum VLANs                  : 150            perpetual
Inside Hosts                   : Unlimited      perpetual
Failover                       : Active/Active  perpetual
VPN-DES                        : Enabled        perpetual
VPN-3DES-AES                   : Enabled        perpetual
Security Contexts              : 2              perpetual
GTP/GPRS                       : Disabled       perpetual
SSL VPN Peers                  : 2              perpetual
Total VPN Peers                : 750            perpetual
Shared License                 : Disabled       perpetual
AnyConnect for Mobile          : Disabled       perpetual
AnyConnect for Cisco VPN Phone : Disabled       perpetual
AnyConnect Essentials          : Disabled       perpetual
Advanced Endpoint Assessment   : Disabled       perpetual
UC Phone Proxy Sessions        : 2              perpetual
Total UC Proxy Sessions        : 2              perpetual
Botnet Traffic Filter          : Disabled       perpetual
Intercompany Media Engine      : Disabled       perpetual

This platform has an ASA 5520 VPN Plus license.

Serial Number: JMX1422L472
Running Permanent Activation Key: 0xc51ef169 0x0c284eed 0x0410616c 0x8604d010 0xc11d2a8c
Configuration register is 0x1
Configuration last modified by administrator at 16:25:11.629 WAT Thu Jun 23 2011
ASA-PRIMARY#   

Hi Zain,

There is no issue with this version; it should work fine.

Thanks,

Varun

Thanks,
Varun Rao
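The "it should work fine" verdict above rests on two lines of the posted sh ver output: the Failover license reads Active/Active and two Security Contexts are licensed, which is what Active/Active failover (available only in multiple context mode) needs. The script below is an added example written for this edit, not code from the thread or from Cisco; it parses the Licensed features table exactly as the ASA prints it (the sample is the ASA-PRIMARY output from this thread, with the serial number and activation key left out), reports what blocks the Active/Active design, and flags the conflict between this unit's enabled VPN license and the multiple-context limitation quoted earlier in the thread. The field names and "BLOCK"/"WARN" labels are this example's own conventions.

```python
import re
from typing import Dict, List

# Constructed sample: the version line and "Licensed features" block from the
# ASA-PRIMARY "show version" output posted in this thread (serial number and
# activation key deliberately omitted).
SHOW_VERSION = """\
Cisco Adaptive Security Appliance Software Version 8.3(2)
Device Manager Version 6.3(4)53

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited      perpetual
Maximum VLANs                  : 150            perpetual
Inside Hosts                   : Unlimited      perpetual
Failover                       : Active/Active  perpetual
VPN-DES                        : Enabled        perpetual
VPN-3DES-AES                   : Enabled        perpetual
Security Contexts              : 2              perpetual
GTP/GPRS                       : Disabled       perpetual
SSL VPN Peers                  : 2              perpetual
Total VPN Peers                : 750            perpetual

This platform has an ASA 5520 VPN Plus license.
"""

VERSION_RE = re.compile(r"Security Appliance Software Version (\S+)")
# One table row: "<name>   : <value>   <term>"; the lazy name stops at the colon.
FEATURE_RE = re.compile(r"^(?P<name>.+?)\s*:\s+(?P<value>\S+)\s+\S+\s*$")


def parse_show_version(text: str) -> Dict[str, str]:
    """Return the software version plus every 'Licensed features' row as name -> value."""
    result: Dict[str, str] = {}
    m = VERSION_RE.search(text)
    if m:
        result["Software Version"] = m.group(1)
    in_block = False
    for line in text.splitlines():
        if line.startswith("Licensed features for this platform:"):
            in_block = True
            continue
        if not in_block:
            continue
        if not line.strip():
            break                      # a blank line closes the table
        row = FEATURE_RE.match(line)
        if row:
            result[row.group("name")] = row.group("value")
    return result


def assess_active_active(features: Dict[str, str]) -> List[str]:
    """Findings for an Active/Active design: 'BLOCK' = cannot be done, 'WARN' = caveat."""
    findings: List[str] = []
    failover = features.get("Failover", "Disabled")
    contexts = features.get("Security Contexts", "0")
    n_contexts = int(contexts) if contexts.isdigit() else 0

    if failover != "Active/Active":
        findings.append(f"BLOCK: failover license is '{failover}', Active/Active required")
    # Active/Active failover exists only in multiple context mode, so the unit
    # needs at least two licensed contexts (one per ISP in this thread's design).
    if n_contexts < 2:
        findings.append(f"BLOCK: only {n_contexts} security context(s) licensed, need >= 2")
    # The thread lists VPN among the features multiple context mode does not
    # support; a unit with VPN licensed and in use would lose it after the change.
    if any(features.get(k) == "Enabled" for k in ("VPN-DES", "VPN-3DES-AES")):
        findings.append("WARN: VPN is licensed on this unit but unsupported in multiple context mode")
    return findings


def active_active_possible(text: str) -> bool:
    """True when the given 'show version' output raises no blocking finding."""
    return not any(f.startswith("BLOCK")
                   for f in assess_active_active(parse_show_version(text)))


if __name__ == "__main__":
    feats = parse_show_version(SHOW_VERSION)
    print("Software Version:", feats.get("Software Version"))
    for finding in assess_active_active(feats):
        print(finding)
    print("Active/Active possible:", active_active_possible(SHOW_VERSION))
```

Run it against the sh ver output of both units before converting either one; the second unit must carry the same failover and context licensing, and the WARN line is the reason to check whether any VPN tunnels terminate on these ASAs before choosing the Active/Active design over the single-ASA tracked-route option.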

Thanks,

Can you help me with the basic config?

I read the doc, but I cannot execute the first command, changeto context:

cisco-haut(config)# changeto context
                      ^
ERROR: % Invalid input detected at '^' marker.
cisco-haut(config)#
