Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 534
  • Last Modified:

Configure a pair of cisco ASA with 2 ISPs ?

Hi Experts,

I have a pair of ASA 5520 and I'd like to configure it as failover with my 2 ISPs. We have purchased a subnet from each ISP (they are 64.x.x.x/30 and 11.x.x.x/30). My question is how do I configure 2 x ASAs with 2 difference ISPs for failover ? Thanks a lot.

Note: the pair of router will do all the NAT and routing parts.



pic.GIF
0
SJCA
Asked:
SJCA
  • 3
  • 2
1 Solution
 
cosmicfoxCommented:
When you run a failover setup on a ASA they share there configuration between the two devices. So from what i can see is you would need to have each ISP plugged into each ASA. then you will have to do a IP SLA also known as track feature.
0
 
SJCAAuthor Commented:
Correct, i will need to plug each ISP to each ASA. I have done active/standby for 2xASA before but it was done within the same subnet. Since this is difference subnet from difference ISPs, will that possible for ASA ? what should I be aware of ?
0
 
cosmicfoxCommented:
You will need to use the route track feature, the link is below on a setup. I would suggest you setup this in a test lab, Download GNS3 and use the Pix emulator and set this up to test.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml#diag
0
 
SJCAAuthor Commented:
I have both physical hardware (which belong to my company) and GNS3 with me.

For GNS3, I have setup the 2 x PIX working as active/standby redundancy but within the same subnet only. For my situation, I'm not sure if they will work with 2 difference subnets, plus I have not seen any tutorials about this, maybe it's impossible to do !? ( i may wrong on this)

I'm digging more in route track feature to see how it works. By the way, I think the link you provided that just for 1 PIX/ASA with 2 ISPs.
0
 
cosmicfoxCommented:
Yes the guide only shows the track feature, you will need to setup this in order to have two connections. Putting a failover unit will not change much with this feature. It will give you device redundancy
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now