Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
383
Views
0
Helpful
5
Replies

automatic isp failover

elite2010
Level 3
Level 3

‎02-23-2017 01:35 PM - edited ‎03-08-2019 09:28 AM

Hi,

I have the above scenario ,  I wan't make use of both isp .But the problem is  ASA1 and ASA2   are in active standby mode .

I can send the traffic to only one router at a time . 

How is that possible ? . 

2 ) If  I connect both ISP to  R1  , is it possible ? 

Thanks 

Labels:
0 Helpful
5 Replies 5

Francesco Molino
VIP Alumni
VIP Alumni

‎02-23-2017 04:42 PM

Hi 

If you connect your second isp on the active asa you will be able to do such design. You can double attached each router on both asa. 

I saying that just to be sure to keep in mind that if asa 1 goes down you need to be able to handle traffic through asa 2.

Just for your information, if you convert your asa in active active then you can keep as is and use both isp. In your actual design if 1 asa goes down then you loose 1 isp.

If both isp are connected to each asa, and if you're using latest version (minimum 9.4) you can use pbr capabilities on asa to send some traffic through isp1 and other traffic to isp2. This is in the case you want to user both of them at the same time. 

If you attach isp2 directly to your router 1, then you will be able to user pbr as well to use both isp lines.

Hope that answered your question 

Thanks 

PS: Please don't forget to rate and mark as correct answer if this answered your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

elite2010
Level 3
Level 3
In response to Francesco Molino

‎02-23-2017 10:53 PM

Hi,

If you connect your second isp on the active asa you will be able to do such design. You can double attached each router on both asa. 

What is the configuration look like on  ROUTER and ASA 

It would be  great could you give configuration example .

If I use ASA active /active  vpn does not work 

Thanks

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to elite2010

‎02-24-2017 07:18 AM

Hi

Yes client vpn won't work in a active/active cluster but I wasn't aware that you used VPN features.

For router configuration, it won't change as it is today. I guess nat is done on the router ?

For the ASA config, let's assume your internal subnets are 192.168.0.0/24 and 192.168.1.0/24. now we assume that subnet 192.168.0.0/24 goes through ISP1 (10.10.10.1) and the other subnet goes to ISP2 (10.10.20.2).

This is a sample config. We can do more detailed config by adding some tracking (for redundancy,...)

access-list subnet1 extended permit ip 192.168.0.0 255.255.255.0 any

access-list subnet2 extended permit ip 192.168.1.0 255.255.255.0 any

route-map PBR permit 10

 match ip address subnet1

 set ip next-hop 10.10.10.1 (you can also use set interface xxx instead of next-hop)

route-map PBR permit 20

 match ip address subnet2

 set ip next-hop 10.10.20.2

interface g0/0 --> Your ASA inside interface

 policy-route route-map PBR

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

elite2010
Level 3
Level 3
In response to Francesco Molino

‎03-05-2017 10:10 AM

Hi Francesco Molino,

I have made a lot of confusion . Sorry for that .

Actually the nat is done on the  ASA .

Thanks

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to elite2010

‎03-05-2017 10:30 AM

Hi,

Ok it works as well with PBR. But you need to have latest version to support PBR on ASA. 

Did you validate that your ASA can support it?

Thanks


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents