Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
303
Views
0
Helpful
8
Replies

ISP Link Failover in ASA 5520

Muthukumar P
Level 1
Level 1

‎11-16-2016 07:21 AM - edited ‎03-12-2019 01:32 AM

Hi Team,

                  One of our client is having ASA 5520 with two ISP Link..Customer is expecting that Mail traffic flow to dedicated one ISP and remaining traffic flow to other ISP.If any one of the ISP goes down all traffic should work to availability ISP Link. Please help on this .

Thanks

Muthukumar

Labels:
0 Helpful
8 Replies 8

Karsten Iwen
VIP
VIP

‎11-16-2016 01:28 PM

That's easy: Replace the outdated legacy ASA with an ASA-X and configure Policy-based routing. Ok, one part of this might not be that easy. But that's a task for the feature PBR which got introduced to the ASA in newer releases which is not available for the older models.

0 Helpful

Muthukumar P
Level 1
Level 1
In response to Karsten Iwen

‎11-16-2016 08:44 PM

HI ,

    I have attached  ASA 5520 Tech support and Traffic flow details . Please find it and confirm that this model is support for PBR if supported please share the configuration document..

  and one more thing customer is having two firewall , ASA in outside and cyberoam is Inside firewall.. Please help suggest how achieved the target..

Thanks

Muthukumar

Preview file
13 KB
Preview file
89 KB
0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Muthukumar P

‎11-17-2016 06:48 PM

Muthukumar

Support for PBR was added in release 9.4. Your 5520 does not run code that supports PBR. So unfortunately I must confirm that your 5520 does not support PBR.

HTH

Rick

HTH

Rick
0 Helpful

Muthukumar P
Level 1
Level 1
In response to Richard Burts

‎11-17-2016 08:18 PM

HI,

        You are talking about IOS version.. if yes  I will upgrade the suggested  IOS version 9.1.7..

Please confirm and if share the PBR configuration URL as well..

Thanks

Muthukumar

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Muthukumar P

‎11-18-2016 06:28 AM

Muthukumar

PBR is not supported in 9.1.7. PBR is supported beginning in 9.4. I do not believe that 5520 can run that version of code.

HTH

Rick

HTH

Rick
0 Helpful

Muthukumar P
Level 1
Level 1
In response to Richard Burts

‎11-18-2016 08:29 PM

Hi ,

        Thanks for your response, I will inform to customer ISP link fail over only possible.. But One of other customer raising same query but they are having ASA 5525X.. Can you help me PBR routing document for this scenario..

Thanks

Muthukumar

0 Helpful

Karsten Iwen
VIP
VIP
In response to Muthukumar P

‎11-18-2016 02:16 PM

After looking again at your traffic-flow- document, do you want to control outbound or inbound traffic? As already mentioned, outbound would be done with PBR which is not available for your platform. But for inbound traffic, you could use both of your ISPs. So, what exactly do you want to achieve?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card