Has anyone tried or successfully running BGP on ASA with a Multi-homed setup with two ISP's and a provider independent Public Subnet with a Public ASN.
Currently BGP is running on the Primary ISP and we are only taking the default route from there.
We are planning to implement a pair of ASA's in Active/Passive Setup with both ISP's terminating on them. To achieve ISP redundancy we would configure ISP failover using SLA Monitoring, however I would also like our Public Subnet unaltered if we switch to the backup ISP in case of a failure.
Both ISP Drops are Gig-Ethernet Copper Links, for which we will be using a switch stack to distribute both links to the ASA pair.
I just wanted to confirm if someone is running a similar setup or has validated that this works?
I can't say that I've seen this running in the wild - but I have seen it designed in Cisco documentation. I'd be a little leery about using ASAs for BGP Internet peering - you might run into some feature issues and I'd be concerned about memory issues for large routing tables.
My preference would be to place (1) or (2) Cisco 29xx or 39xx with a fair amount of memory (depending on the design).
Please rate helpful posts.
I'd agree with that - if only a default route is required then your fine. However, not being able to accept larger routing tables are a limitation. And that's what I'd be most concerned about. A few more are as follows:
Yes, though IPv6 and clustering are not what we are looking for in near future.
Just Active/Passive failover with dual ISP and BGP to support Multihoming. Though when the ASA's will arrive I will test this in the lab, I see no reason why this should not work, however just wanted to confirm if there are used cases around..
I've not set up bgp on an ASA, but why run a bgp process on the firewall for a single default route. I'd rather use the memory somewhere else...
Yes, but my approach is why waste money on a router for running BGP process, for a single default route when the ASA can do it. I'd rather use that money somewhere else...
It is not a good practice, ASAs only give the feature of dynamic routing, but if you want to do this i say that the better option will be isert a Router to manage dynamic routing.