Hello Everyone,
We need guidance on the best path forward to providing ISP redundancy with *outbound* ISP load balancing (no need for inbound - don't want to use BGP).
We presently have 2 x ASA 5516-X units in a stateful Active/Standby HA configu...
Had this problem today with ASA 5516-X on ASA v9.5.2-14. Essentially the firewall stopped forwarding all between connected interfaces/subnets. From the firewall console, I could ping pretty much anything in the network and on the internet. But fro...
I thought this design would be "simple" and it's proven to be anything but..
There are two ASAs configured in active/standby failover. There are also two ISPs, correctly configured with tracked routing for ISP and ASA failover. Those basics work as...
Rick,
Inbound, we just have end-user, dial-in VPN termination which we could just have the Cisco Anyconnect have a Primary and Secondary configured for each ISP. There are a couple things we could expose through static NAT which are mostly IT reso...
Rick,
Thanks for your response.
Yes, two completely *separate* ISPs, each with their own set of NAT mappings.
We were initially thinking to do BGP, but after experiencing one DoS, we would rather not have to pay for [D]DoS mitigation from both ...
I'm quite sure I was overthinking it since the between the ASA lacking some hypothetical "must-have" feature that is inspired by smithing mythril with an Intel CPU ..
... or more realistically I don't have HSRP/BGP capable ISPs and was attempting a ...
I was having the same problems as you. While I haven't done packet capturing to see what the culprit actually is, I do have this working on my SG200-08P.
My setup is (roughly):
SIP Firewall (Edgemark 4750, vlan 90 native)
Cisco ASA 5516-X (vlan 90, ...