Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
772
Views
0
Helpful
2
Replies

Configuring TWO ISP on Cisco ASA

okoroji80
Level 1
Level 1

‎02-11-2015 11:46 AM - edited ‎03-03-2019 07:45 AM

Dear Support Members,

 

Can anyone assist with the procedure of setting up ASA to failover two ISP links if any of the ISP fails.

 

 

 

Thanks

Labels:
0 Helpful
2 Replies 2

nate fitzgerald
Level 1
Level 1

‎02-11-2015 11:58 AM

Configure IP SLA TRACKING, here is a brief config example for a ASA 5505

 

 

SETUP BOTH INTERFACES, IF YOU HAVE AN ASA 5510 OR HIGHER YOU WILL NOT NEED TO USE THE VLAN 2 OR 3 COMMAND OR NEED THE "  no forward interface Vlan2 " YOU WOULD JUST ASSING THE IP AND NAME TO THE PHYSICAL ETHERNET OR GIGABIT INTERFACE ****

 

interface Vlan2
 nameif outside
 security-level 0
 ip address 1.1.1.1  255.255.255.0
!
interface Vlan3
 no forward interface Vlan2
 nameif outside2
 security-level 0
 ip address 2.2.2.2 255.255.255.0
!

******** ENABLE PINGS FROM THE OUTSIDE/OUTSIDE2 FOR BOTH INTERFACES ******

!

icmp permit any outside
icmp permit any echo outside

!
icmp permit any outside2
icmp permit any echo outside2

!

 

SETUP THE SLA TRACKING , 8.8.8.8 IS GOOGLE DNS, THIS IS JUST USED AS AN IP ADDRESS THAT SHOULD ALWAYS BE UP ON THE INTERNET AND BALE TO PING, AS OPPOSED TO USING THE GATEWAY OR ANOTHER IP ADDRESS FROM YOU ISP EQUIPMENT, THE PARAMETERS BELOW THA ARE HOW ONG IT WILL TAKE TO SWITCH BACK TO THE MAIN OUTSIDE INTERFACE ONCE THE PRIMARY CONNECTION IS BACK UP ******

sla monitor 100
 type echo protocol ipIcmpEcho 8.8.8.8 interface outside
 num-packets 5
 timeout 30000
 frequency 30

!

sla monitor schedule 100 life forever start-time now

!

track 100 rtr 100 reachability

!

 

RE ENTER YOU ROUTE COMMANDS WITH THE PRIMARY OUTSIDE INTERFACE BEING THE PRIMARY ROUTE WITH  THE NEW SLA TRACK ID YOU CONFIGURED, THE THE OUTSID2 INTERFACE AS A BACKUP, OBVIOUSLY THE IP ADDRESSES BELOW AND ABOVE ARE JUST EXAMPLES THE ROUTE COMMANDS SHOULD BE THE GATEWAY ADDRESSES THAT THE ISP IS PROVIDING

 

 

route outside 0.0.0.0 0.0.0.0 1.1.1.1 1 track 100
route outside2 0.0.0.0 0.0.0.0 2.2.2.2 240

 

 

HOPEFULLY THAT SHOULD WORK FOR YOU, I have set it up this way on multiple ASA 5505 models and 5512X so you should be good, let me know if you have any questions

 

Thanks

 

0 Helpful

okoroji80
Level 1
Level 1
In response to nate fitzgerald

‎02-16-2015 11:55 PM

Thanks Nate,

 

for the clarification, do i still need a NAT configuration on the device to be able to reach the internet.

kindly shed more light thanks

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card