2 ISPs with Our Existing Cisco Equipment

Posted on 2011-10-25
Last Modified: 2012-05-12
I apologize if this is long - we have a Verizon T1 for our ISP which has been at capacity for some time and we are planning on adding an additional 15mb/3mb for data with a separate 1.5mb to support a VoIP which would give us 3 external connections (once the contract with Verizon is up we will most likely drop them). We currently have a Cisco ASA 5510 without the Security Plus license that our T1 connects to as well as VPN clients. Internally we have a Cisco Express 500 that our VoIP phones connect to which is then connected to the ASA. Our data drops are connected to a “dumb” switch which is also connected to the ASA.
We were hoping to have Voice on the 1.5 cable, our Email and web servers on the T1 and all other data use the 15mb cable. From what I understand we cannot use the ASA 5510 for more than one ISP. We have 2 more Cisco Express 500s sitting in our closet. I know this is a stretch but with the equipment that we have, 3 Cisco Express 500s and 1 Cisco ASA 5510, can we make this work to have multiple external ISPs? I’m not too familiar with networking so any help is much appreciated.
Question by:johnnva
    LVL 12

    Assisted Solution

    by:Gary Coltharp
    You can't use the ASA to load balance two ISPs ... but you can use it to fail over to a backup ISP.

    Set up an SLA to monitor the gateway connectivity on your primary ISP... if it goes away for X, change the gateway to the failover.

    See Example 7 on the following link:
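
The failover setup described in the answer above, as an added example that is not part of the original thread or of the Cisco document it refers to, written in the pre-8.3 ASA syntax used elsewhere on this page. The interface name `backup`, the SLA and track IDs, the timers and the RFC 5737 documentation addresses are all assumptions to be replaced with your own values.

```cisco
! Added example with constructed values (not from the original thread).
! outside = primary ISP, next hop 203.0.113.1 (assumed)
! backup  = second ISP,  next hop 198.51.100.1 (assumed interface name)

! Probe the primary ISP gateway with ICMP echo, sourced from "outside".
sla monitor 1
 type echo protocol ipIcmpEcho 203.0.113.1 interface outside
 num-packets 3
 timeout 1000
 frequency 10
sla monitor schedule 1 life forever start-time now

! Track object 1 is "up" only while SLA operation 1 gets replies.
track 1 rtr 1 reachability

! Primary default route: installed only while track 1 is up.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1 track 1

! Floating default route: higher metric, used when the tracked route
! above is withdrawn.
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254

! Inside hosts need a PAT rule on each egress interface, otherwise
! traffic is dropped after failover.
nat (inside) 1 0 0
global (outside) 1 interface
global (backup) 1 interface

! Verification from the CLI:
!   show track 1
!   show route
!   show sla monitor operational-state
```

Probing only the next-hop gateway detects a dead link or gateway but not an outage further upstream; pointing the probe at a stable address beyond the ISP edge covers that case.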


    Author Comment

    Thanks for the reply, we have thought about a failover but our main goal is to have our VoIP and data traffic on separate networks, internally as well as externally. The more I research it looks like the only way to be able to use multiple ISPs is to install a router in front of the ASA.
    Is this correct?
    We want to spend as little as possible since we are already going to be spending more on our bandwidth.
    LVL 17

    Accepted Solution

    ASA does not do PBR (policy-based routing). For limited use cases, there is a workaround that might work ... first, put in default routes to your uplinks:

    route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
    route voice 0.0.0.0 0.0.0.0 y.y.y.y 2
    route email 0.0.0.0 0.0.0.0 z.z.z.z 3

    nat (inside) 1 0 0
    global (outside) 1 interface
    global (voice) 1 interface
    global (email) 1 interface

    Then add NAT statements for different kinds of traffic, e.g.

    static (email,inside) tcp smtp smtp netmask
    static (voice,inside) udp sip sip netmask

    Disclaimer: I've not tried to pull a stunt like this with VoIP, there are most likely additional ports. OTOH you most likely have a fixed IP of the remote VoIP provider, so you could tag the traffic based on that ...

    It's probably easier to set up such a PBR config on a "real" router, which will allow easier configuration of the routing ...
