Solved: is it possible to have three ISP connections to Cisco ASA 5510

Mogal Peerbasha · ‎01-29-2014

Hi all,

We have a Cisco ASA 5510 firewall in one our customer location and currently we are using two ISP as a failover case. But the customer wants to add another ISP as a back up connection. Is it possible to have three ISPs with cisco ASA 5510 firewall.

Please do reply.

Thanks,

Peerbasha

prateeve · ‎01-29-2014

Hi,

Yes, it is possible . Right now it would be like outside and backup interface and configuration would be something like below (just an example):

route outside 0.0.0.0 0.0.0.0 10.200.159.1 1 track 1

route backup 0.0.0.0 0.0.0.0 10.250.250.1 253

sla monitor 123
 type echo protocol ipIcmpEcho 4.2.2.2 interface outside
 num-packets 3
 frequency 10

sla monitor schedule 124 life forever start-time now

Suppose now you add new interface backup2, then you need to configure following commands:

route backup2 0.0.0.0 0.0.0.0 10.250.250.1 254

sla monitor 124
 type echo protocol ipIcmpEcho 4.2.2.2 interface backup
 num-packets 3
 frequency 10

sla monitor schedule 124 life forever start-time now

Now, if primary goes down it will move to backup and if backup goes down it will move to backup2.

Hope it will help.

- Prateek Verma

View solution in original post

prateeve · ‎01-29-2014

Hi,

Yes, it is possible . Right now it would be like outside and backup interface and configuration would be something like below (just an example):

route outside 0.0.0.0 0.0.0.0 10.200.159.1 1 track 1

route backup 0.0.0.0 0.0.0.0 10.250.250.1 253

sla monitor 123
 type echo protocol ipIcmpEcho 4.2.2.2 interface outside
 num-packets 3
 frequency 10

sla monitor schedule 124 life forever start-time now

Suppose now you add new interface backup2, then you need to configure following commands:

route backup2 0.0.0.0 0.0.0.0 10.250.250.1 254

sla monitor 124
 type echo protocol ipIcmpEcho 4.2.2.2 interface backup
 num-packets 3
 frequency 10

sla monitor schedule 124 life forever start-time now

Now, if primary goes down it will move to backup and if backup goes down it will move to backup2.

Hope it will help.

- Prateek Verma

Mogal Peerbasha · ‎02-04-2014

Hi Prateek Verma,

Thanks and it is working fine with above solution.

I would like to ask one question, for Outside route we are traking the reachability with track 1, where as do we need to use the same for backup route to track the reachability with track 2 i.e as follows

Example:

             route outside 0.0.0.0 0.0.0.0 10.200.159.1 1 track 1

             route backup 0.0.0.0 0.0.0.0 10.250.250.1 253 track 2
             
             route backup2 0.0.0.0 0.0.0.0 10.250.250.1 254
             
             track 1 rtr 123 reachability
             track 2 rtr 124 reachability
 Please clarify.

 Thanks,
 Peerbasha

prateeve · ‎02-05-2014

Hi Peerbasha,

Yes, I forgot to mention that, my mistake .

- Prateek Verma