Solved

Configure a pair of cisco ASA with 2 ISPs ?

Posted on 2009-04-14
5
524 Views
Last Modified: 2012-05-06
Hi Experts,

I have a pair of ASA 5520 and I'd like to configure it as failover with my 2 ISPs. We have purchased a subnet from each ISP (they are 64.x.x.x/30 and 11.x.x.x/30). My question is how do I configure 2 x ASAs with 2 difference ISPs for failover ? Thanks a lot.

Note: the pair of router will do all the NAT and routing parts.



pic.GIF
0
Comment
Question by:SJCA
  • 3
  • 2
5 Comments
 
LVL 6

Expert Comment

by:cosmicfox
ID: 24141529
When you run a failover setup on a ASA they share there configuration between the two devices. So from what i can see is you would need to have each ISP plugged into each ASA. then you will have to do a IP SLA also known as track feature.
0
 
LVL 1

Author Comment

by:SJCA
ID: 24143424
Correct, i will need to plug each ISP to each ASA. I have done active/standby for 2xASA before but it was done within the same subnet. Since this is difference subnet from difference ISPs, will that possible for ASA ? what should I be aware of ?
0
 
LVL 6

Accepted Solution

by:
cosmicfox earned 500 total points
ID: 24144198
You will need to use the route track feature, the link is below on a setup. I would suggest you setup this in a test lab, Download GNS3 and use the Pix emulator and set this up to test.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml#diag
0
 
LVL 1

Author Comment

by:SJCA
ID: 24149134
I have both physical hardware (which belong to my company) and GNS3 with me.

For GNS3, I have setup the 2 x PIX working as active/standby redundancy but within the same subnet only. For my situation, I'm not sure if they will work with 2 difference subnets, plus I have not seen any tutorials about this, maybe it's impossible to do !? ( i may wrong on this)

I'm digging more in route track feature to see how it works. By the way, I think the link you provided that just for 1 PIX/ASA with 2 ISPs.
0
 
LVL 6

Expert Comment

by:cosmicfox
ID: 24149625
Yes the guide only shows the track feature, you will need to setup this in order to have two connections. Putting a failover unit will not change much with this feature. It will give you device redundancy
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question