Solved

Configure a pair of cisco ASA with 2 ISPs ?

Posted on 2009-04-14
5
522 Views
Last Modified: 2012-05-06
Hi Experts,

I have a pair of ASA 5520 and I'd like to configure it as failover with my 2 ISPs. We have purchased a subnet from each ISP (they are 64.x.x.x/30 and 11.x.x.x/30). My question is how do I configure 2 x ASAs with 2 difference ISPs for failover ? Thanks a lot.

Note: the pair of router will do all the NAT and routing parts.



pic.GIF
0
Comment
Question by:SJCA
  • 3
  • 2
5 Comments
 
LVL 6

Expert Comment

by:cosmicfox
ID: 24141529
When you run a failover setup on a ASA they share there configuration between the two devices. So from what i can see is you would need to have each ISP plugged into each ASA. then you will have to do a IP SLA also known as track feature.
0
 
LVL 1

Author Comment

by:SJCA
ID: 24143424
Correct, i will need to plug each ISP to each ASA. I have done active/standby for 2xASA before but it was done within the same subnet. Since this is difference subnet from difference ISPs, will that possible for ASA ? what should I be aware of ?
0
 
LVL 6

Accepted Solution

by:
cosmicfox earned 500 total points
ID: 24144198
You will need to use the route track feature, the link is below on a setup. I would suggest you setup this in a test lab, Download GNS3 and use the Pix emulator and set this up to test.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml#diag
0
 
LVL 1

Author Comment

by:SJCA
ID: 24149134
I have both physical hardware (which belong to my company) and GNS3 with me.

For GNS3, I have setup the 2 x PIX working as active/standby redundancy but within the same subnet only. For my situation, I'm not sure if they will work with 2 difference subnets, plus I have not seen any tutorials about this, maybe it's impossible to do !? ( i may wrong on this)

I'm digging more in route track feature to see how it works. By the way, I think the link you provided that just for 1 PIX/ASA with 2 ISPs.
0
 
LVL 6

Expert Comment

by:cosmicfox
ID: 24149625
Yes the guide only shows the track feature, you will need to setup this in order to have two connections. Putting a failover unit will not change much with this feature. It will give you device redundancy
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

While it is possible to put two routes in place with the secondary having a higher metric, this may not always work. In the event of a failure that does not bring down the physical interface on the router the primary route is not removed. There is a…
Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now