Configure a Cisco ASA 5505 with Dual ISP Backup Connection

In this post I will explain how to configure a Cisco ASA 5505 firewall to connect to dual ISPs for redundancy purposes. Suppose that we have a primary high-speed ISP connection, and a cheaper DSL line connected to a secondary ISP. Normally all of our traffic should flow through the primary ISP. If the primary link fails, the secondary DSL connection should be used for Internet access. Please note that the above scenario is valid only for outbound traffic (i.e. from our internal network to the Internet). The features that I will explain below work on the ASA 5505 running version 7.2(1) and above.

Assume that we are assigned a static public IP address of 100.100.100.1 from the primary ISP and another static public IP address of 200.200.200.1 from our backup ISP. We will use Ethernet 0/0 for connecting to the primary ISP, Ethernet 0/1 for connecting to our internal LAN, and Ethernet 0/2 for connecting to our backup ISP. We will create three VLANs to support our configuration. VLAN 1 (the default VLAN) will be assigned to Ethernet 0/1 (inside), VLAN 2 will be assigned to Ethernet 0/0 (principal-isp) and VLAN 3 will be assigned to Ethernet 0/2 (backup-isp). We also have to configure two static default routes pointing to the ISP gateway addresses. The primary ISP default route shall have a metric of 1 and the backup ISP default route shall have a metric greater than 1 (let us say 2). Let us see the configuration below:

ASA5505(config)# interface ethernet 0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shutdown

ASA5505(config)# interface ethernet 0/1
ASA5505(config-if)# switchport access vlan 1
ASA5505(config-if)# no shutdown

ASA5505(config)# interface ethernet 0/2
ASA5505(config-if)# switchport access vlan 3
ASA5505(config-if)# no shutdown

ASA5505(config)# interface vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0
ASA5505(config-if)# no shutdown

ASA5505(config)# interface vlan 2
ASA5505(config-if)# nameif principal-isp
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address 100.100.100.1 255.255.255.0
ASA5505(config-if)# backup interface vlan 3
ASA5505(config-if)# no shutdown

ASA5505(config)# interface vlan 3
ASA5505(config-if)# nameif backup-isp
ASA5505(config-if)# security-level 1
ASA5505(config-if)# ip address 200.200.200.1 255.255.255.0
ASA5505(config-if)# no shutdown

ASA5505(config)# route principal-isp 0.0.0.0 0.0.0.0 100.100.100.2 1
ASA5505(config)# route backup-isp 0.0.0.0 0.0.0.0 200.200.200.2 2
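
As an added example (not part of the original post), the Python check below reads a saved running-config and verifies the properties this setup depends on: two default routes with distinct metrics, each gateway on its interface's subnet, both ISP interfaces at a lower security-level than inside, and a `backup interface` statement tying the primary VLAN to the backup VLAN. The function name `audit`, the sample config text and the finding messages are constructed for illustration, and static interface addressing is assumed, as in this post.

```python
import ipaddress
# Constructed running-config excerpt that mirrors the addressing used in this post.
SAMPLE = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
interface Vlan2
 backup interface Vlan3
 nameif principal-isp
 security-level 0
 ip address 100.100.100.1 255.255.255.0
interface Vlan3
 nameif backup-isp
 security-level 1
 ip address 200.200.200.1 255.255.255.0
route principal-isp 0.0.0.0 0.0.0.0 100.100.100.2 1
route backup-isp 0.0.0.0 0.0.0.0 200.200.200.2 2
"""

def audit(cfg, inside="inside"):
    """Return findings (empty list = consistent). A route with no metric counts as 1."""
    ifs, routes, cur, out = {}, [], {}, []
    for w in (l.split() for l in cfg.splitlines() if l.strip()):
        if w[0] == "interface":
            cur = {"vlan": w[1].lower()}          # start a new interface stanza
        elif w[0] == "nameif":
            ifs[w[1]] = cur                       # index the stanza by its nameif
        elif w[0] == "security-level":
            cur["level"] = int(w[1])
        elif w[:2] == ["ip", "address"]:
            cur["net"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w[:2] == ["backup", "interface"]:
            cur["backup"] = w[2].lower()
        elif w[0] == "route" and w[2:4] == ["0.0.0.0", "0.0.0.0"]:
            routes.append((int(w[5]) if len(w) > 5 else 1, w[1], ipaddress.ip_address(w[4])))
    if len(routes) < 2:
        return ["need two default routes, one per ISP"]
    (m1, pri, _), (m2, bak, _) = sorted(routes)[:2]   # lowest metric is the primary
    if m1 == m2:
        out.append("default routes share a metric; the backup must be higher")
    for _, name, gw in routes:
        i = ifs.get(name, {})
        if gw not in i.get("net", []):
            out.append(f"gateway {gw} is not on the {name} subnet")
        if i.get("level", 100) >= ifs.get(inside, {}).get("level", 100):
            out.append(f"{name} security-level is not below {inside}")
    if ifs.get(pri, {}).get("backup") != ifs.get(bak, {}).get("vlan", "?"):
        out.append(f"{pri} has no 'backup interface' pointing at {bak}")
    return out
```

Calling `audit(SAMPLE)` on the excerpt above returns an empty list; feed it the text of your own saved configuration to check a real device.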
