Solved

redundancy on cisco asa

Posted on 2014-01-28
7
276 Views
Last Modified: 2014-02-14
Hi Guys,

I have two ISPs and I was wondering could i use an interface for each ISP and set one to primary and set one to secondary??

So, if the primary went down traffic could go out on the 2nd one?
0
Comment
Question by:jonathanduane2010
7 Comments
 
LVL 12

Expert Comment

by:Infamus
Comment Utility
add two different default route.

For example, if ISP1 10.1.1.1 and ISP2 172.20.1.1

ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip route 0.0.0.0 0.0.0.0 172.20.1.1 10

you can also use object tracking....
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
Are you using this for outbound traffic only?

Or are you hosting services that require inbound access?
0
 

Author Comment

by:jonathanduane2010
Comment Utility
no, it would be for emergencies only really, so outbound traffic would be all we need....
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 57

Accepted Solution

by:
giltjr earned 460 total points
Comment Utility
Then using object tracking with SLA and changing the default route.

Replace 1.1.1.1 with the IP address of ISP#1 router and 2.2.2.2 with the IP address of ISP#2's router.


route outside 0.0.0.0 0.0.0.0 1.1.1.1 1 track 1
route backup 0.0.0.0 0.0.0.0 2.2.2.2 254

sla monitor 1
type echo protocol ipIcmpEcho 1.1.1.1 interface outside
num-packets 3
frequency 10

sla monitor schedule 1 life forever start-time now

track 1 rt 1 reachability

Ref:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
0
 

Author Comment

by:jonathanduane2010
Comment Utility
great thank you!

I am using the ASDM launcher, can i input these commands through the CLI ?
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
Yes or you can scroll down some on the above link, I'm fairly sure that it shows how to do it via the ASDM.
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
Don't forget you will need a sec plus licence!
Cisco ASA/PIX 8.x: Redundant or Backup ISP




Pete
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now