Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Configure a pair of cisco ASA with 2 ISPs ?

Posted on 2009-04-14
Last Modified: 2012-05-06
Hi Experts,

I have a pair of ASA 5520 and I'd like to configure it as failover with my 2 ISPs. We have purchased a subnet from each ISP (they are 64.x.x.x/30 and 11.x.x.x/30). My question is how do I configure 2 x ASAs with 2 difference ISPs for failover ? Thanks a lot.

Note: the pair of router will do all the NAT and routing parts.

Question by:SJCA
  • 3
  • 2

Expert Comment

ID: 24141529
When you run a failover setup on a ASA they share there configuration between the two devices. So from what i can see is you would need to have each ISP plugged into each ASA. then you will have to do a IP SLA also known as track feature.

Author Comment

ID: 24143424
Correct, i will need to plug each ISP to each ASA. I have done active/standby for 2xASA before but it was done within the same subnet. Since this is difference subnet from difference ISPs, will that possible for ASA ? what should I be aware of ?

Accepted Solution

cosmicfox earned 500 total points
ID: 24144198
You will need to use the route track feature, the link is below on a setup. I would suggest you setup this in a test lab, Download GNS3 and use the Pix emulator and set this up to test.


Author Comment

ID: 24149134
I have both physical hardware (which belong to my company) and GNS3 with me.

For GNS3, I have setup the 2 x PIX working as active/standby redundancy but within the same subnet only. For my situation, I'm not sure if they will work with 2 difference subnets, plus I have not seen any tutorials about this, maybe it's impossible to do !? ( i may wrong on this)

I'm digging more in route track feature to see how it works. By the way, I think the link you provided that just for 1 PIX/ASA with 2 ISPs.

Expert Comment

ID: 24149625
Yes the guide only shows the track feature, you will need to setup this in order to have two connections. Putting a failover unit will not change much with this feature. It will give you device redundancy

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Can't access router via web browser 21 95
Can't remote with RDC through ASUS RT-N66W Router 3 68
BGP Network restrictions 6 45
What problem can Native VLAN mismatch causes 4 45
Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question