Dual ISP on ASA 5505

thanhgiang · ‎02-09-2012

Hi,

At the moment I'm running a T1 to a Cisco ASA 5505 device. I'm in the process of getting a backup ISP. My question is, is it possible to configure this firewall with two ISPs so that the same internal webserver can be accessed via backup ISP?

Thanh

ajay chauhan · ‎02-09-2012

Back up internet you can always configure but can not use backup link until primary fails.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Thanks

Ajay

thanhgiang · ‎02-09-2012

Still this does really answer my question. Will I be able to access my website from the backup isp?

Thanks

Thanh

datobin10 · ‎02-09-2012

The issue you will have is with the DNS needing to be changed to the the backup providers ip when the primary goes down.

Here are some ideas to make this happen,

Option 1. Work with both providers to support routing BGP to you

Option 2. Each ISP will give you a different range of ip addresses, Setup static mappings / forward ports from ips from both providers assigned ips to the same internal webserver or if is dhcp just forward the port from assinged address. Then use a third party DNS provider that allow forwarding with redundancy.

Option 3. Utilize dynamic DNS with a third party DNS provider.

ajay chauhan · ‎02-09-2012

Answer is NO.

thanhgiang · ‎02-10-2012

Thanks Daniel, I will try that.

Thanh

cadet alain · ‎02-10-2012

Hi,

1. ASA doesn't support BGP

2. ASA doesn't support load balancing but only primary/backup failover with static routing and tracking feature

3; as far as I know DynDNS client is not supported on ASA

Regards.

Alain

Don't forget to rate helpful posts.