Two static default-routes in ASA5540 v8.4(1)

jkeeffe · ‎05-09-2011

Is it possible to have two static default routes in an ASA firewall? Here's the reason for that. I initially have a defaul route to point to the next-hop router so that I can get the ASA on the network, import it into CSM, and then dump a bunch of policies back to the ASA, one of which is an EIGRP config so that the ASA participates in EIGRP routing. This works great.

The problem is, the next-hop router is one of two routers out of our building, connected to our WAN. If that next-hop router goes down, then the ASA will not have it's initial default route available.

So, is it possible to have the ASA have two default-routes, one with a higher metric, and use tracking to track the first router interface. If that goes down, then the secound default-route, pointing the the second upstream router, will take affect?

varrao · ‎05-09-2011

It is very much possible, what yo are talking about is called Dual ISP on ASA, it is used to bring redundancy on the firewall, I would suggest you to go through the document to understand the setup better:

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Let me know if yo have any questions regadring it.

Thanks,

Varun

Thanks,
Varun Rao

jkeeffe · ‎05-09-2011

The link you provided is in the /US/partner area of CCO, which I don't have access to.

Do you have a link in the main area of CCO for the same document? Thanks

varrao · ‎05-09-2011

Here you go, find the pdf attached.

Varun

Thanks,
Varun Rao