Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
714
Views
5
Helpful
7
Replies

Two different ISPs on Cisco ASA 5505

AJPujol
Level 1
Level 1

‎07-06-2022 07:08 AM

Hello there!

 

Sorry to bother you all with this really basic question...

 

Is there a way for me to have two different ISPs links on the same Cisco ASA 5505 ?

 

I'd need to have : outside: ISP1, outside-slv: ISP2, inside: a /24 network that can only work with "outside" and inside-slv (a different /24 network that should only work with "outside-slv")

 

So far, i dont know how to create the proper static routes on my 5505 so the two ISP links can coexist.

ASDM is telling me that i should pick a different metric whenever i wanna configure the "outside-slv" static routes, but, even if i do pick another metric, it wont work.

 

Sorry if this is too messy, i can try to explain better if needed!

 

Thanks!

Labels:
0 Helpful
7 Replies 7

MHM Cisco World
VIP
VIP

‎07-06-2022 07:17 AM - edited ‎07-06-2022 07:17 AM

https://www.networkstraining.com/cisco-asa-policy-based-routing-pbr/

 

 

Yes use pbr

0 Helpful

Kasun Bandara
VIP
VIP

‎07-06-2022 07:29 AM

you have 2 options.

1. connect 2 ISPs as primary and backup. so primary ISP default route needs lower metric and backup ISP default route can use higher metric. so traffic will move through primary ISP and if primary ISP fails, secondary ISP will get activate.

2. PBR. you can configure set of internal IPs to access internet via ISP1 and other set via ISP2.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB
0 Helpful

AJPujol
Level 1
Level 1
In response to Kasun Bandara

‎07-06-2022 07:55 AM

Hello Kasun, thank you so much for your advice!

 

My scenario is the following:

 

ISP1 (outside) belongs to one company and that company has a /24 network (192.168.10.0)

ISP2 (outside-slv) belongs to another company and they have another /24 network (192.168.20.0)

 

I'd need both companies to coexist on the same ASA 5505 but, of course, traffic from VLAN10 has to access internet from "outside" and traffic from VLAN20 needs to access internet from "outside-slv"

 

So, that being said, i need to configure PBR? I am sorry if my questions are too basic, i am pretty new in the networking world

Is so, how do i configure PBR ?

 

Thank you so much in advance

0 Helpful

Rob Ingram
VIP
VIP
In response to AJPujol

‎07-06-2022 09:49 AM - edited ‎07-06-2022 09:49 AM

@AJPujol as suggested above, Policy Based Routing would work.

 

There are multiple components required to setup PBR - access-lists, route-map, static routes and NAT entries etc.

 

This guide matches your requirements, it's the ACLs which matches the source networks and the route-map that matches the ACL and sets the next hop.

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to AJPujol

‎07-06-2022 11:52 AM

Yes i share how you config pbr for asa dual isp.

0 Helpful

Kasun Bandara
VIP
VIP
In response to AJPujol

‎07-06-2022 08:27 PM

you can use,

https://weberblog.net/policy-based-routing-on-a-cisco-asa/

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB
0 Helpful

Karsten Iwen
VIP
VIP

‎07-07-2022 12:47 AM

Bad news ... PBR was introduced on ASA version 9.4 (if I remember right) and this version is not supported on the outdated ASA 5505.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card