Browsed by
Day: November 11, 2015

Configure a Cisco ASA 5505 with Twin ISP Backup Relationship

Configure a Cisco ASA 5505 with Twin ISP Backup Relationship

In this post I will explain how to configure a Cisco ASA 5505 firewall to hook up to twin ISPs for redundancy applications. Suppose that we have a principal high-speed ISP relationship, and a more cost-effective DSL line connected to a Secondary ISP. Commonly all of our targeted traffic ought to move via the principal ISP. If the principal link fails, the secondary DSL relationship ought to be used for Internet entry. Please observe that the higher than circumstance is legitimate only for Outbound targeted traffic (i.e. from our internal community to the Internet). The features that I will explain under will work for ASA 5505 model 7.2(1) and higher than.

Assume that we are assigned a static Community IP deal with of one hundred.one hundred.one hundred.1 from Key ISP and a further static Community IP deal with of two hundred.two hundred.two hundred.1 from our Backup ISP. We will use Ethernet / for connecting to Key ISP, Ethernet /1 for connecting to our Internal LAN, and Ethernet /2 for connecting to our Backup ISP. We will develop a few VLANs to support our configuration. VLAN1 (the default Vlan) will be assigned to Ethernet /1 (inside), VLAN2 will be assigned to Ethernet / (principal-isp) and VLAN3 will be assigned to Ethernet /2 (backup-isp). We also have to configure two static default routes pointing to the ISP gateway deal with. The principal ISP default route shall have a metric of 1 and the backup ISP default route shall have a metric even bigger than 1 (let us say 2). Enable us see the configuration under:

ASA5505(config)# interface ethernet /
ASA5505(config-if)# switchport entry vlan 2
ASA5505(config-if)# no shutdown

ASA5505(config)# interface ethernet /1
ASA5505(config-if)# switchport entry vlan 1
ASA5505(config-if)# no shutdown

ASA5505(config)# interface ethernet /2
ASA5505(config-if)# switchport entry vlan three
ASA5505(config-if)# no shutdown

ASA5505(config)# …