By   March 31, 2017

In this post I will explain how to configure a Cisco ASA 5505 firewall to connect to dual ISPs for redundancy purposes. Suppose that we have a primary high-speed ISP connection and a cheaper DSL line connected to a secondary ISP. Normally all of our traffic should flow through the primary ISP. If the primary link fails, the secondary DSL connection should be used for Internet access. Please note that the above scenario is valid only for outbound traffic (i.e. from our internal network to the Internet). The functionality that I will describe below works for ASA 5505 version 7.2(1) and higher.

Assume that we are assigned a static public IP address of 100.100.100.1 from the primary ISP and another static public IP address of 200.200.200.1 from our backup ISP. We will use Ethernet 0/0 for connecting to the primary ISP, Ethernet 0/1 for connecting to our internal LAN, and Ethernet 0/2 for connecting to our backup ISP. We will create three VLANs to support our configuration. VLAN1 (the default VLAN) will be assigned to Ethernet 0/1 (inside), VLAN2 will be assigned to Ethernet 0/0 (primary-isp) and VLAN3 will be assigned to Ethernet 0/2 (backup-isp). We also have to configure two static default routes pointing to the ISP gateway addresses. The primary ISP default route shall have a metric of 1 and the backup ISP default route shall have a metric greater than 1 (let us say 2). Let us see the configuration below:

! Assign the physical ports to their VLANs
ASA5505(config)# interface ethernet 0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shutdown

ASA5505(config)# interface ethernet 0/1
ASA5505(config-if)# switchport access vlan 1
ASA5505(config-if)# no shutdown

ASA5505(config)# interface ethernet 0/2
ASA5505(config-if)# switchport access vlan 3
ASA5505(config-if)# no shutdown

! Internal LAN (most trusted)
ASA5505(config)# interface vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0
ASA5505(config-if)# no shutdown

! Primary ISP, with VLAN 3 as its backup interface
ASA5505(config)# interface vlan 2
ASA5505(config-if)# nameif primary-isp
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address 100.100.100.1 255.255.255.0
ASA5505(config-if)# backup interface vlan 3
ASA5505(config-if)# no shutdown

! Backup ISP
ASA5505(config)# interface vlan 3
ASA5505(config-if)# nameif backup-isp
ASA5505(config-if)# security-level 1
ASA5505(config-if)# ip address 200.200.200.1 255.255.255.0
ASA5505(config-if)# no shutdown

! Default routes: metric 1 is preferred, metric 2 is the fallback
ASA5505(config)# route primary-isp 0.0.0.0 0.0.0.0 100.100.100.2 1
ASA5505(config)# route backup-isp 0.0.0.0 0.0.0.0 200.200.200.2 2
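
The following Python check is an added example, not part of the original article or any Cisco tool: it audits a saved configuration for the dual-ISP layout described above (two default routes with distinct metrics, ISP-facing interfaces less trusted than the LAN, a `backup interface` line on the preferred ISP). The function names and the sample text are assumptions made for illustration; the sample is constructed from this article's values and assumes the interface names inside, primary-isp and backup-isp.

```python
import re

# Constructed sample: this article's configuration as running-config lines.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif primary-isp
 security-level 0
 backup interface Vlan3
interface Vlan3
 nameif backup-isp
 security-level 1
route primary-isp 0.0.0.0 0.0.0.0 100.100.100.2 1
route backup-isp 0.0.0.0 0.0.0.0 200.200.200.2 2
"""

def parse(config):
    """Return (security-level per nameif, default-route metric per nameif,
    nameifs that carry a 'backup interface' statement)."""
    levels, metrics, has_backup, name = {}, {}, set(), None
    for line in map(str.strip, config.splitlines()):
        if line.lower().startswith("interface "):
            name = None  # new interface block; wait for its nameif
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
        elif re.match(r"backup interface vlan ?\d+", line, re.I) and name:
            has_backup.add(name)
        elif m := re.fullmatch(r"route (\S+) 0\.0\.0\.0 0\.0\.0\.0 \S+(?: (\d+))?", line):
            metrics[m.group(1)] = int(m.group(2) or 1)  # ASA default metric is 1
    return levels, metrics, has_backup

def audit(config, inside="inside"):
    """Return a list of findings; an empty list means the layout matches."""
    levels, metrics, has_backup = parse(config)
    findings = []
    if len(metrics) < 2:
        findings.append("fewer than two default routes: no backup path")
    elif len(set(metrics.values())) < len(metrics):
        findings.append("default routes share a metric: no primary/backup order")
    for ifname in metrics:  # every ISP-facing interface must be less trusted
        if levels.get(ifname, 0) >= levels.get(inside, 100):
            findings.append(f"{ifname}: security-level not below {inside}")
    if metrics and min(metrics, key=metrics.get) not in has_backup:
        findings.append("preferred ISP interface has no 'backup interface' line")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
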
