Dual ISP with Active/Active

Travis Marzo
Level 1

Is it possible to have 1 ISP connected to the Primary ASA and another ISP to the Secondary ASA? Both connections will be active but if one ISP is to fail, all traffic would failover to the active ISP. Can this be accomplished in an Active/Active state?

2 Replies

Lost & Found
Level 2

Hi,

Regarding your problem, here are some ideas.

Using ASA:

interface Ethernet0/0
ISP 1 - Outside

interface Ethernet0/1
ISP 2 - Outside

interface Ethernet0/2
Inside

You can use two global interfaces for ISP 1 and 2, route, and add NAT for specific IP addresses. But this setup is not a failover: when ISP 1 goes down, everything connected to it is down.

But there is a feature in the ASA with which you can load balance, but I think you will need an additional license sec. for it.

Secondly, if you could add 1 router on top of your ASA, I think you can do the following.

1. Two VIP method - Create two virtual IP addresses that point to a primary active ISP interchangeably to one another.

2. Using a proxy server - your client computer is not directly connected to the Internet and is therefore dependent on your proxy server, so the proxy server handles all addresses. To be automatically configured, you can add some rule on your server GPO, or you can redirect all HTTP and HTTPS traffic to your proxy server, with no configuration needed on your server.

3. Proxy and DNS round robin - In round robin you can only use hostnames, no IP addresses. You may need a proxy server for it, such as Squid.

4. GLBP + designated VLAN/ports - In GLBP, the AVF and AVG are the ones that manage our route. By default it's round-robin, which can load balance, but the problem is if your ISPs have different speeds; you can prioritize IP addresses using host-dependent.

5. IPSLA w/ track object and floating static - since IPSLA is measurement-based routing, it's based on measurement and routing decision. IPSLA (probe), then create a track object and a floating static route. Beware: in the real world you should verify all your sources. Hardcode always come from your IP source.

6. BGP - if you have your own AS and address block, then peer (EBGP) with the different ISPs. But ingress traffic (from ISP to you) is not possible, as these are two distinct routes. In this setup, referring to egress traffic (from you to the Internet), by default BGP chooses only 1 EBGP path, but this setting can be changed. By doing this, all routers will have 2 best paths for the default route. So I think with this one you can achieve this.

Hope this could help you. Good luck and have a good Cisco time!

thanks

Arvin R.
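
Option 5 in the reply above (IP SLA probe, track object and floating static route), sketched as ASA configuration. This is an added example, not part of the original reply; the interface names `outside` and `backup`, the monitor and track IDs, and all addresses (RFC 5737 documentation ranges) are assumptions.

```cisco
! Added example; interface names, IDs and addresses are assumptions.
! Probe a stable target beyond the ISP 1 next hop, sourced from the
! ISP 1 interface, so an upstream failure is detected and not just a
! local link-down event.
sla monitor 10
 type echo protocol ipIcmpEcho 198.51.100.1 interface outside
 num-packets 3
 timeout 1000
 frequency 5
sla monitor schedule 10 life forever start-time now
!
! The track object follows the reachability result of probe 10.
track 1 rtr 10 reachability
!
! Primary default route: installed only while track 1 is up.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1 track 1
!
! Floating static route via ISP 2: administrative distance 254, so it
! enters the routing table only when the tracked route is withdrawn.
route backup 0.0.0.0 0.0.0.0 192.0.2.1 254
```

`show track 1` and `show route` confirm which default route is installed. Each ISP-facing interface still needs its own NAT rule so that traffic leaving through the backup path is translated to an address that ISP routes back.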

Instead of using a router, I would like to use 2 switches to split the traffic between the two ASAs. This would give us full redundancy all the way to the ISP. Set the ASAs up in an Active/Passive state. We use IPSLA now for our routes, so the configuration wouldn't change when we add the second ASA onsite. I drew up a quick Visio of what I'm thinking. Does Cisco make a managed 4-port switch? We need something that can withstand 50-100Mb all day long and not drop packets.
