
Dual ISP Configuration on Cisco ASA 5505

This article explains how to configure dual ISPs on a Cisco ASA 5505 firewall for redundancy. Suppose we have a primary high-speed ISP connection and a cheaper DSL line connected to a secondary ISP. Normally all of our traffic should flow through the high-speed primary ISP. If the primary link fails, the secondary DSL connection should be used for Internet access. Please note that this scenario is valid only for outbound traffic (i.e. from our internal network towards the Internet). The configuration below works on the ASA 5505 with software version 7.2(1) and above.

We have been assigned a static public IP address of 150.150.150.2 by the primary ISP and another static public IP address of 160.160.160.2 by our backup ISP. We will use Ethernet 0/0 for connecting to the primary ISP, Ethernet 0/1 for connecting to our internal LAN, and Ethernet 0/2 for connecting to our backup ISP.

We will create three VLANs to support our configuration. VLAN1 (the default VLAN) will be assigned to Ethernet 0/1 (inside), VLAN2 will be assigned to Ethernet 0/0 (primary-isp) and VLAN3 will be assigned to Ethernet 0/2 (backup-isp).

We also have to configure two static default routes, each pointing to the corresponding ISP gateway address. The primary ISP default route shall have a metric of 1 and the backup ISP default route shall have a metric bigger than 1 (let's say 2), so that the backup route is used only when the primary route is unavailable.
Let us see the configuration below:

! Assign the physical ports to their VLANs
ASA5505(config)# interface ethernet 0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shutdown
ASA5505(config)# interface ethernet 0/1
ASA5505(config-if)# switchport access vlan 1
ASA5505(config-if)# no shutdown
ASA5505(config)# interface ethernet 0/2
ASA5505(config-if)# switchport access vlan 3
ASA5505(config-if)# no shutdown

! Inside (LAN) interface
ASA5505(config)# interface vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 172.16.1.1 255.255.255.0
ASA5505(config-if)# no shutdown

! Primary ISP interface, with VLAN 3 as its backup interface
ASA5505(config)# interface vlan 2
ASA5505(config-if)# nameif primary-isp
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address 150.150.150.2 255.255.255.0
ASA5505(config-if)# backup interface vlan 3
ASA5505(config-if)# no shutdown

! Backup ISP interface
ASA5505(config)# interface vlan 3
ASA5505(config-if)# nameif backup-isp
ASA5505(config-if)# security-level 1
ASA5505(config-if)# ip address 160.160.160.2 255.255.255.0
ASA5505(config-if)# no shutdown

! Default routes: primary with metric 1, backup with metric 2
ASA5505(config)# route primary-isp 0.0.0.0 0.0.0.0 150.150.150.1 1
ASA5505(config)# route backup-isp 0.0.0.0 0.0.0.0 160.160.160.1 2
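A way to check a saved configuration against the design described above, as an added example that is not part of the original article: it verifies that both ISP interfaces have a default route, that the backup metric is higher than the primary one, and that both ISP-facing interfaces have a lower security level than inside. The function names and the sample text are constructed for illustration; the interface names and addresses are the article's.

```python
import re

# Constructed sample: the article's interface and route commands, prompts stripped.
SAMPLE = """\
interface vlan 1
 nameif inside
 security-level 100
interface vlan 2
 nameif primary-isp
 security-level 0
 backup interface vlan 3
interface vlan 3
 nameif backup-isp
 security-level 1
route primary-isp 0.0.0.0 0.0.0.0 150.150.150.1 1
route backup-isp 0.0.0.0 0.0.0.0 160.160.160.1 2
"""

def parse(config):
    """Return ({nameif: security-level}, [(nameif, gateway, metric)]) for default routes."""
    levels, routes, name = {}, [], None
    for raw in config.splitlines():
        # Accept pasted CLI sessions too: drop a leading "HOST(config...)# " prompt.
        line = re.sub(r"^\S+\(config[^)]*\)#\s*", "", raw.strip())
        if line.startswith("interface "):
            name = None  # a new interface block begins
        elif m := re.match(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.match(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
        elif m := re.match(r"route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: (\d+))?", line):
            routes.append((m.group(1), m.group(2), int(m.group(3) or 1)))
    return levels, routes

def audit(config, primary="primary-isp", backup="backup-isp", inside="inside"):
    """Return a list of findings; an empty list means the design checks pass."""
    levels, routes = parse(config)
    metric = {name: m for name, _, m in routes}
    findings = []
    for name in (primary, backup):
        if name not in metric:
            findings.append(f"no default route via {name}")
        # ISP-facing interfaces must sit below inside so inbound traffic is denied by default.
        if levels.get(name, 100) >= levels.get(inside, 100):
            findings.append(f"{name} security-level is not below {inside}")
    if primary in metric and backup in metric and metric[backup] <= metric[primary]:
        findings.append(f"{backup} metric {metric[backup]} is not greater than "
                        f"{primary} metric {metric[primary]}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "dual-ISP checks passed")
```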

http://blog.router-switch.com/