Failover options

Posted on 2008-11-04
Last Modified: 2012-05-05

Our company just recently acquired a 9mbps internet connection for redundancy in case our main ISP connection fails.

Equipement involved:

We currently have a PIX 515 connected to our main internet connection that is a 7 T1 Bundle. I am looking foward to replace this with a ASA 5540.

The branch offices currently run a pix 501 which i am planning to replace with a ASA5505.


I have 9 branch offices distributed accross Canada, they are all small offices with less than 20 individuals in each location, they run of a PIX 501 with one IPSEC tunnel to our main PIX 515 in the main office.

Desired Scenario:


We need fail over regardless. My company is maturing its business and downtime is becoming a critical situation that we cannot afford.

Question: I Would like to know how can i failover the ASA5540 with two internet connections. I have a ASA5505 in hands and i was reading the manual and i can see that it can do that, so my best guess is that the 5540 would be able as well.

Simply, my two isp providers are completely independent of each other, so even if the circuits of the main one fail, the second one do not have anything with the first and will still work, so i would like the ASA tp failover if that happends and just start using the second link.

Any thoughts ? No config files for now :D
Just simple talk.
Question by:iFroyd
    LVL 13

    Assisted Solution

    A good starter doc on the whole subject here:

    LVL 79

    Accepted Solution

    Yes, you can setup the ASA for failover using dual ISP's and it is quite simple. The only thing you can't do is load-balance or even use route-maps to load share.
    I know you said that you didn't need configs for now, but here's the document that describes the solution and also how to configure it:


    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    Overview The Cisco PIX 501, PIX 506e, ASA 5505 and ASA 5510 (most if not all of this information will be relevant to the PIX 515e but I do not have a working configuration handy to verify the validity) are primarily used within small to medium busi…
    Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now