Cisco ASA 5508 - Dual ISP Setup with PBR or VLAN Tagging

Neorax
Level 1

In the near future I will have a Cisco asa 5508.

I'm a total beginner in this btw

 

I want to use a dual ISP Setup.

I have multiple Cisco Access points which I want to use. Now for the real question:

I want to have a main network in which every device automatically gets put (ISP 1).

Then I want to have selected devices which can access the network over my ISP 2.

 

Is PBR enough for completing this? Since I could route the different devices with static IPs to my ISP 2, for example.

Or do I need to set up VLAN tagging so that my devices can route using the different VLAN tags?

 

Thanks in advance


balaji.bandi
Hall of Fame

Yes, PBR can be used here to achieve this. Are you looking for failover if ISP 1 or 2 fails? Then you need to look at IP SLA and NAT clear.

 

Here are good threads to help you:

 

https://community.cisco.com/t5/routing/dual-isp-termination-on-asa-5508/m-p/3014812

https://community.cisco.com/t5/network-management/setting-up-asa-5506-x-with-dual-isp/m-p/4130876

https://integratingit.wordpress.com/2019/11/24/asa-dual-isp-using-ip-sla/

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks for the quick reply.

From my understanding, failover means if one ISP goes down the other one takes over, right?

I am building a normal end-user network (ISP1) and a private one (ISP2). Therefore there should be no failover whatsoever. If there were no solution like this, then I'd use ISP 1 as failover when ISP 2 goes down.

You can have both solutions: failover, or equally use both links and fail over when required.

 

You may not be able to give 100% satisfactory service, but you have service available.

 

What I meant was:

 

Take the example of ISP link 1 at 10MB and ISP link 2 at 10MB.

If you are using each link at 50%, you can have 100% service when either link fails over.

 

If both links are using the full 10MB capacity, the service may degrade, but you have service available.

 

Hope this makes sense for the scenario you are deploying.

 

BB


This won't work as the networks should never be connected. The private network is only for secure devices and the other one is for everyone.

 

I still get the point you are trying to make, though!

Oh, that makes sense. I was under the impression both ISPs were internet based.

 

Then you have only PBR to route to the respective outgoing interface.

 

BB


Neorax
Level 1

Also, is PBR possible by using the MAC address for devices that do not have a static IP?

Just read that it is possible.

Hello,

 

Where did you read that you can match on MAC addresses? I am not sure you can...

 

There happens to be another thread on the forum where a user is trying to accomplish PBR to two different ISPs. The process was quite tricky, and a few things need to be kept in mind. In the configuration example below, you want three hosts to go out through the link to ISP2, and the rest through the link to ISP1 (the default). IP addressing is obviously arbitrary; you need to use whatever IP addresses you have configured:

 

! Inside interface: the route-map is applied here, so PBR only acts on
! traffic entering from the inside network
interface GigabitEthernet1/1
ip address 192.168.10.1 255.255.255.0
nameif inside
security-level 100
policy-route route-map ISP-RM
!
! One ACL per host that should use ISP2
access-list HOST1 extended permit ip host 192.168.10.12 any
access-list HOST2 extended permit ip host 192.168.10.13 any
access-list HOST3 extended permit ip host 192.168.10.14 any
!
! Traffic matching any of the listed ACLs is sent to the ISP2 next hop;
! everything else follows the routing table (default route via ISP1)
route-map ISP-RM permit 10
match ip address HOST1 HOST2 HOST3
set ip next-hop 2.2.2.2
!
interface GigabitEthernet1/2
description Link to ISP1
nameif outside1
security-level 0
ip address 1.1.1.1 255.255.255.252
!
interface GigabitEthernet1/3
description Link to ISP2
nameif outside2
security-level 0
ip address 2.2.2.1 255.255.255.252
!
! PAT to the egress interface address on each ISP link
nat (inside,outside1) 1 source dynamic any interface
nat (inside,outside2) 2 source dynamic any interface
!
! Default route via ISP1 (metric 1); ISP2 default is a backup (metric 10)
route outside1 0.0.0.0 0.0.0.0 1.1.1.2 1
route outside2 0.0.0.0 0.0.0.0 2.2.2.2 10

Hello, I read it while looking for a WLAN access point. Not sure if it's possible on Cisco devices, though ^^

Thanks for the config. This may sound dumb, but how would I insert my devices in the host list?

Would I just need to configure the given IPs from the 192.168.10.12 / 13 / 14 on my devices?

 

-- Obviously I would need to configure my own IP address for the rest -- 

 

 

Thanks in advance!

You add the ACL with the proposed config, and add more IPs the same way as in the given example to add more network hosts here.

BB


Hello,

 

Indeed, just replace the IP addresses marked in bold with your own, and add the access list names to the route map match clause:

 

! One ACL per host that should egress via ISP2; replace the addresses
! with your own and add a line per extra host
access-list HOST1 extended permit ip host 192.168.10.12 any
access-list HOST2 extended permit ip host 192.168.10.13 any
access-list HOST3 extended permit ip host 192.168.10.14 any
!
! Every ACL name added above must also be listed in the match clause
route-map ISP-RM permit 10
match ip address HOST1 HOST2 HOST3
set ip next-hop 2.2.2.2
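To make concrete what the route-map in the two posts above does, and to answer the "how do I insert my devices in the host list" question with something checkable, here is an added example (not from this thread and not Cisco's code) that renders the per-host access-lists and route-map from a list of addresses and then models the routing decision the ASA makes: a source address listed in one of the matched ACLs is sent to the ISP2 next hop, everything else follows the default route via ISP1. The addresses, interface names and the route-map name ISP-RM are the ones from the posted config; the 192.168.10.0/24 inside subnet, the function names and the audit helper are my assumptions for illustration.

```python
"""Model of the ASA policy-based-routing decision shown in the thread.

Added example, not taken from the thread or from Cisco. Constants below
mirror the posted config; the subnet check and audit helper are assumed.
"""
import ipaddress

INSIDE_NET = ipaddress.ip_network("192.168.10.0/24")  # assumed from the inside address/mask
ROUTE_MAP = "ISP-RM"
ISP1_NEXT_HOP = "1.1.1.2"   # default route via outside1
ISP2_NEXT_HOP = "2.2.2.2"   # set ip next-hop in the route-map

# Hosts that should leave via ISP2, as in the posted ACLs HOST1..HOST3.
ISP2_HOSTS = ["192.168.10.12", "192.168.10.13", "192.168.10.14"]


def render_pbr_config(hosts, next_hop=ISP2_NEXT_HOP, route_map=ROUTE_MAP):
    """Return the access-list and route-map lines for the given hosts.

    Every host must lie inside the inside subnet; a typo outside it would
    produce an ACL that never matches and a device silently left on ISP1.
    """
    acl_names = []
    lines = []
    for n, host in enumerate(hosts, start=1):
        addr = ipaddress.ip_address(host)
        if addr not in INSIDE_NET:
            raise ValueError(f"{host} is not inside {INSIDE_NET}")
        name = f"HOST{n}"
        acl_names.append(name)
        lines.append(f"access-list {name} extended permit ip host {addr} any")
    lines.append("!")
    lines.append(f"route-map {route_map} permit 10")
    # Every ACL name must appear in the match clause or the host stays on ISP1.
    lines.append(f"match ip address {' '.join(acl_names)}")
    lines.append(f"set ip next-hop {next_hop}")
    return lines


def select_egress(src_ip, hosts=ISP2_HOSTS):
    """Return (interface, next_hop) the ASA picks for traffic from src_ip.

    Models the route-map applied on the inside interface: a match on any
    listed ACL overrides the routing table; otherwise the default route wins.
    """
    addr = ipaddress.ip_address(src_ip)
    if addr in {ipaddress.ip_address(h) for h in hosts}:
        return ("outside2", ISP2_NEXT_HOP)
    return ("outside1", ISP1_NEXT_HOP)


def hosts_routed_via(interface, hosts=ISP2_HOSTS):
    """Audit helper: every inside address whose traffic leaves via `interface`.

    Useful to confirm that only the intended devices reach the private ISP2
    link and nothing else was accidentally added to the ACL set.
    """
    return {str(a) for a in INSIDE_NET.hosts()
            if select_egress(str(a), hosts)[0] == interface}


if __name__ == "__main__":
    print("\n".join(render_pbr_config(ISP2_HOSTS)))
    for ip in ("192.168.10.12", "192.168.10.50"):
        print(ip, "->", select_egress(ip))
    print("via outside2:", sorted(hosts_routed_via("outside2")))
```

Note that this models only the forwarding decision for traffic arriving on the inside interface; the posted NAT rules still translate whichever interface the packet leaves on, and nothing in the route-map prevents a host that is not listed from reaching ISP1, which is the intended default.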

 
