Learn how to a build a cloud-first strategyRegister Now


Cisco ASA Failover 5 ISP Connections?

Posted on 2012-09-06
Medium Priority
Last Modified: 2012-09-17
HI -

I have a pair of Cisco ASA 5510's setup in Active/Standby mode.

At the main office there are 5 ISP connections. They are used as follows.

ISP 1 - Internet
ISP 2 - SAN Replication
ISP 3 - VPN for remote staff
ISP 4  - Multiple bonded MPLS T1's for branch access (Terminal services and IP phones)
ISP 5 - 4G Internet (Not currently used)

Can i have each ISP connection failover to the ISP of my choosing? For example, I want ISP 1 to failover to ISP 2, and if ISP 2 is down then have ISP1 failover to ISP 5.

Can a failover link be active while waiting for failover? For example, can ISP 2 be active for SAN replication while it is waiting for ISP 1 to fail and if ISP 1 fails I don't want it to interrupt the current activity on ISP 2.
Question by:First Last
LVL 15

Assisted Solution

wingatesl earned 400 total points
ID: 38374776
You are going to need to step up to the ISR hardware to do that. The 2921 would work here.
LVL 81

Accepted Solution

arnold earned 1600 total points
ID: 38379284
Each ISP will need to be connected to its own interface. It also depends on the type of connections to detect failure.
You would use weights for the failover order part.
You would use routing tables using interfaces and weights to define uses of failover connections to be primary/loadbalancer for specific sets.
Ip route interface_isp1 10
Ip route interface_isp2 30
Ip route interface_isp5 50
Ip route san_ip range interface_isp2 20
Ip route san_ip range interface_isp4 20/30 loadbalance/failover

This setup is the simpler if failure is based on he interface going own.
If failure has to be based on sla where a ping or similar is a mechanism to detect that the link is no longer functional.

Author Comment

by:First Last
ID: 38383674
Why would I have to use something like a 2921 router prior to my ASA? Can't i utilize a spare 3750G switch to connect all my iSP connections, then put them each on a VLAN and finally a Trunk to each ASA?

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question