To configure the ASA to send traffic through both ISPs simultaneously.
Usually, when a user has two ISPs terminating on the ASA, the ASA is configured for ISP redundancy. However, in some cases the user would like to use both ISPs simultaneously to send traffic.
In such a scenario, the best solution would be to use a router. Using route-maps on the router, one can configure the routing so that only certain kinds of traffic use one ISP while the second ISP is used for other kinds of traffic. Although the ASA supports route-maps, it wasn't designed to support extensive routing capabilities, and quite a few route-map features, such as source-based routing, are not supported by the ASA. If using a router is an option then the network would have to be redesigned as follows:
If, however, this is not an option, then it is possible to configure a very crude form of "loadbalancing" on the ASA. The following two scenarios are ways in which both ISPs can be used simultaneously on the ASA:
1. Route traffic based on destination:
As I mentioned above, the ASA is not a load-balancer or a packet-shaper. However, with the following commands on the ASA, we can route traffic to half the destinations on the internet using ISP1 and the other half using ISP2:
nat (inside) 1 0 0
global (ISP1) 1 interface
global (ISP2) 1 interface
route ISP1 18.104.22.168 22.214.171.124 126.96.36.199 // creates a default route for addresses in the first half of the IPv4 spectrum
route ISP2 0.0.0.0 188.8.131.52 184.108.40.206 // creates a default route for addresses in the second half of the IPv4 spectrum
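The following Python model is an added example, not part of the original configuration. It shows how a destination-based split like the one above selects an egress interface, and what happens to one half of the address space if its route is withdrawn. It assumes the two halves are the prefixes 0.0.0.0/1 and 128.0.0.0/1; the sample destinations are constructed.

```python
import ipaddress
from collections import Counter

# Assumed route table: the two halves named in the route comments, written
# as prefixes. The interface names ISP1/ISP2 come from the configuration above.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/1"), "ISP1"),    # 0.0.0.0 - 127.255.255.255
    (ipaddress.ip_network("128.0.0.0/1"), "ISP2"),  # 128.0.0.0 - 255.255.255.255
]

# Constructed sample destinations, including both boundary addresses.
SAMPLE = ["1.1.1.1", "100.64.0.1", "127.255.255.255",
          "128.0.0.0", "192.0.2.10", "203.0.113.7"]


def egress_for(dst, routes=ROUTES):
    """Return the interface picked by longest-prefix match, or None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, ifname) for net, ifname in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def split_by_isp(destinations, routes=ROUTES):
    """Count how many destinations leave through each interface."""
    return Counter(egress_for(d, routes) for d in destinations)


def routes_without(ifname, routes=ROUTES):
    """Model one ISP's route being withdrawn (no backup default configured)."""
    return [(net, name) for net, name in routes if name != ifname]


if __name__ == "__main__":
    for dst in SAMPLE:
        print(f"{dst:>16} -> {egress_for(dst)}")
    print("split:", dict(split_by_isp(SAMPLE)))
    # With ISP1's route gone, its half of the address space has no path:
    # the split is by destination address, so it is not redundancy.
    remaining = routes_without("ISP1")
    print("after ISP1 loss:", dict(split_by_isp(SAMPLE, remaining)))
```

The split follows the destination address, not traffic volume, so the actual load on each link depends on where users' traffic goes. The egress interface also determines which public address appears in upstream logs for a given flow.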
2. Route traffic based on destination ports:
By adding the configuration below, the ASA can be set up to send web traffic (http, https) out through ISP2, while all other traffic is sent through ISP1 as shown above.