Cisco ASA Failover 5 ISP Connections?

Posted on 2012-09-06
Last Modified: 2012-09-17
HI -

I have a pair of Cisco ASA 5510's setup in Active/Standby mode.

At the main office there are 5 ISP connections. They are used as follows.

ISP 1 - Internet
ISP 2 - SAN Replication
ISP 3 - VPN for remote staff
ISP 4  - Multiple bonded MPLS T1's for branch access (Terminal services and IP phones)
ISP 5 - 4G Internet (Not currently used)

Can i have each ISP connection failover to the ISP of my choosing? For example, I want ISP 1 to failover to ISP 2, and if ISP 2 is down then have ISP1 failover to ISP 5.

Can a failover link be active while waiting for failover? For example, can ISP 2 be active for SAN replication while it is waiting for ISP 1 to fail and if ISP 1 fails I don't want it to interrupt the current activity on ISP 2.
Question by:First Last
    LVL 15

    Assisted Solution

    You are going to need to step up to the ISR hardware to do that. The 2921 would work here.
    LVL 76

    Accepted Solution

    Each ISP will need to be connected to its own interface. It also depends on the type of connections to detect failure.
    You would use weights for the failover order part.
    You would use routing tables using interfaces and weights to define uses of failover connections to be primary/loadbalancer for specific sets.
    Ip route interface_isp1 10
    Ip route interface_isp2 30
    Ip route interface_isp5 50
    Ip route san_ip range interface_isp2 20
    Ip route san_ip range interface_isp4 20/30 loadbalance/failover

    This setup is the simpler if failure is based on he interface going own.
    If failure has to be based on sla where a ping or similar is a mechanism to detect that the link is no longer functional.
    LVL 1

    Author Comment

    by:First Last
    Why would I have to use something like a 2921 router prior to my ASA? Can't i utilize a spare 3750G switch to connect all my iSP connections, then put them each on a VLAN and finally a Trunk to each ASA?

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
    From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now