Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
630
Views
0
Helpful
2
Replies

implement a secondary ISP to ASA 5510

mburguk1000
Level 1
Level 1

‎08-28-2012 05:36 AM - edited ‎03-11-2019 04:47 PM

We are in the process of implementing secondary ISP to our ASA firewall and I wondered if anyone else has configured something like this ??

We would like to run both ISPs in parallel so we can test until we finally cutover

Any help would be greatly appreciated

Thanks

Mark

Labels:
0 Helpful
2 Replies 2

Karsten Iwen
VIP
VIP

‎08-28-2012 06:15 AM

The ASA only supports the concept of primary and backup ISP. You cant use both at the same time if you need a default-route for both of them. And if you want to test the new functionality on the new link you probably need that.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni

‎08-28-2012 11:41 AM

Hello,

You could implement the SLA monitoring, so you can have a redundant path in case you lost connectivity to the outside world via the primary ISP.

This will not allow Load-balancing.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

As you might now there is no possibility to do PBR on the ASA, but just as a workaround you could send all HTTP and HTTPS traffic over a link based on nat rules... Or send all the VPN traffic over a link and then the rest of the traffic over the other one

Those are the two options you have

Remember to rate all the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card