07-06-2022 07:08 AM
Hello there!
Sorry to bother you all with this really basic question...
Is there a way for me to have two different ISPs links on the same Cisco ASA 5505 ?
I'd need to have : outside: ISP1, outside-slv: ISP2, inside: a /24 network that can only work with "outside" and inside-slv (a different /24 network that should only work with "outside-slv")
So far, i dont know how to create the proper static routes on my 5505 so the two ISP links can coexist.
ASDM is telling me that i should pick a different metric whenever i wanna configure the "outside-slv" static routes, but, even if i do pick another metric, it wont work.
Sorry if this is too messy, i can try to explain better if needed!
Thanks!
07-06-2022 07:17 AM - edited 07-06-2022 07:17 AM
07-06-2022 07:29 AM
you have 2 options.
1. connect 2 ISPs as primary and backup. so primary ISP default route needs lower metric and backup ISP default route can use higher metric. so traffic will move through primary ISP and if primary ISP fails, secondary ISP will get activate.
2. PBR. you can configure set of internal IPs to access internet via ISP1 and other set via ISP2.
07-06-2022 07:55 AM
Hello Kasun, thank you so much for your advice!
My scenario is the following:
ISP1 (outside) belongs to one company and that company has a /24 network (192.168.10.0)
ISP2 (outside-slv) belongs to another company and they have another /24 network (192.168.20.0)
I'd need both companies to coexist on the same ASA 5505 but, of course, traffic from VLAN10 has to access internet from "outside" and traffic from VLAN20 needs to access internet from "outside-slv"
So, that being said, i need to configure PBR? I am sorry if my questions are too basic, i am pretty new in the networking world
Is so, how do i configure PBR ?
Thank you so much in advance
07-06-2022 09:49 AM - edited 07-06-2022 09:49 AM
@AJPujol as suggested above, Policy Based Routing would work.
There are multiple components required to setup PBR - access-lists, route-map, static routes and NAT entries etc.
This guide matches your requirements, it's the ACLs which matches the source networks and the route-map that matches the ACL and sets the next hop.
07-06-2022 11:52 AM
Yes i share how you config pbr for asa dual isp.
07-06-2022 08:27 PM
you can use,
https://weberblog.net/policy-based-routing-on-a-cisco-asa/
07-07-2022 12:47 AM
Bad news ... PBR was introduced on ASA version 9.4 (if I remember right) and this version is not supported on the outdated ASA 5505.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide