Showing results for 
Search instead for 
Did you mean: 

ASA5506-K9 dual IPS internet

Hello all,


Can I use dual IPS internet connections on a ASA5506-K9 with basic license. If it is possible can you please share the steps how it is done via ASDM.

Thank you.

2 Replies 2

VIP Guru VIP Guru
VIP Guru

If you meant to ISP (not IPS i guess)


here is the setup guide for reference, any issue post the running config, so we can tweak or suggest.


not sure what license you have can you post show version to look.


***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

: Serial Number: JAD220804BA
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
ASA Version 9.8(2)
hostname ciscoasa
enable password $sha512$5000$LnEsaFAelrppRD73k9KcwQ==$CdbxNo75LTvkRUP1Pkynbg== pbkdf2

interface GigabitEthernet1/1
nameif outside
security-level 0
ip address
interface GigabitEthernet1/2
nameif backup
security-level 0
ip address
interface GigabitEthernet1/3
bridge-group 1
nameif inside_2
security-level 100
interface GigabitEthernet1/4
bridge-group 1
nameif inside_3
security-level 100
interface GigabitEthernet1/5
bridge-group 1
nameif inside_4
security-level 100
interface GigabitEthernet1/6
bridge-group 1
nameif inside_5
security-level 100
interface GigabitEthernet1/7
bridge-group 1
nameif inside_6
security-level 100
interface GigabitEthernet1/8
bridge-group 1
nameif inside_7
security-level 100
interface Management1/1
no nameif
no security-level
no ip address
interface BVI1
nameif inside
security-level 100
ip address
ftp mode passive
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
name-server outside
name-server outside
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any1
object network obj_any2
object network obj_any3
object network obj_any4
object network obj_any5
object network obj_any6
object network obj_any7
object network inside
object network backup-inside
object network backup-inside2
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu backup 1500
mtu inside_2 1500
mtu inside_3 1500
mtu inside_4 1500
mtu inside_5 1500
mtu inside_6 1500
mtu inside_7 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
object network obj_any2
nat (inside_2,outside) dynamic interface
object network obj_any3
nat (inside_3,outside) dynamic interface
object network obj_any4
nat (inside_4,outside) dynamic interface
object network obj_any5
nat (inside_5,outside) dynamic interface
object network obj_any6
nat (inside_6,outside) dynamic interface
object network obj_any7
nat (inside_7,outside) dynamic interface
object network backup-inside
nat (inside_2,backup) dynamic interface
access-group inside_access_in in interface inside
route outside 1 track 10
route backup 245
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication login-history
http server enable
http inside_4
http inside_6
http inside_5
http inside_7
http inside_2
http inside_3
no snmp-server location
no snmp-server contact
sla monitor 123
type echo protocol ipIcmpEcho interface outside
sla monitor schedule 123 life forever start-time now
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
track 10 rtr 123 reachability
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0

dhcpd auto_config outside
dhcpd address inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
username ciscoasa password $sha512$5000$RV/co+rLCz1evPltnRL70g==$48U94fqtcMAY4YZYNcwWFg== pbkdf2
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
jumbo-frame reservation
no call-home reporting anonymous
: end

Result of the command: "show version"

Cisco Adaptive Security Appliance Software Version 9.8(2)
Firepower Extensible Operating System Version 2.2(2.52)
Device Manager Version 7.8(2)

Compiled on Sun 27-Aug-17 13:06 PDT by builders
System image file is "disk0:/asa982-lfbff-k8.SPA"
Config file at boot was "startup-config"

ciscoasa up 6 mins 1 sec

Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
Internal ATA Compact Flash, 8000MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB

Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Number of accelerators: 1

1: Ext: GigabitEthernet1/1 : address is 28ac.9e95.efb6, irq 255
2: Ext: GigabitEthernet1/2 : address is 28ac.9e95.efb7, irq 255
3: Ext: GigabitEthernet1/3 : address is 28ac.9e95.efb8, irq 255
4: Ext: GigabitEthernet1/4 : address is 28ac.9e95.efb9, irq 255
5: Ext: GigabitEthernet1/5 : address is 28ac.9e95.efba, irq 255
6: Ext: GigabitEthernet1/6 : address is 28ac.9e95.efbb, irq 255
7: Ext: GigabitEthernet1/7 : address is 28ac.9e95.efbc, irq 255
8: Ext: GigabitEthernet1/8 : address is 28ac.9e95.efbd, irq 255
9: Int: Internal-Data1/1 : address is 28ac.9e95.efb5, irq 255
10: Int: Internal-Data1/2 : address is 0000.0001.0002, irq 0
11: Int: Internal-Control1/1 : address is 0000.0001.0001, irq 0
12: Int: Internal-Data1/3 : address is 0000.0001.0003, irq 0
13: Ext: Management1/1 : address is 28ac.9e95.efb5, irq 0
14: Int: Internal-Data1/4 : address is 0000.0100.0001, irq 0

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 5 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 12 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Disabled perpetual

This platform has a Base license.

Serial Number: JAD220804BA
Running Permanent Activation Key: 0xea3bd443 0x74a3959b 0xd4e3c904 0x9c908074 0xc6120295
Configuration register is 0x1
Image type : Release
Key Version : A
Configuration has not been modified since last system restart.



This is the configuration of my ASA. Unfortunately it does not work for two IPS. It works with the first one but as soon I plug the network cable for the second internet provider - all internet stops. I used this tutorial:


Please help.




Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers