Configure Backup ISP Redundancy on Cisco ASA 5505 Firewall

Author : harryfryer113
Publish Date : 2021-04-06



In this article I will explain how to configure a Cisco ASA 5505 firewall to connect to two ISPs for redundancy. Suppose that we have a primary high-speed ISP connection and a cheaper DSL line connected to a secondary ISP. Normally all of our traffic should flow through the primary ISP. If the primary link fails, the secondary DSL connection should be used for Internet access. Please note that this scenario is valid only for outbound traffic (i.e. from our internal network towards the Internet). The functionality that I will describe below works for ASA 5505 version 7.2(1) and above.

Assume that we are assigned a static public IP address of 100.100.100.1 from the primary ISP and another static public IP address of 200.200.200.1 from our backup ISP. We will use Ethernet 0/0 for connecting to the primary ISP, Ethernet 0/1 for connecting to our internal LAN, and Ethernet 0/2 for connecting to our backup ISP. We will create three VLANs to support our configuration. VLAN1 (the default VLAN) will be assigned to Ethernet 0/1 (inside), VLAN2 will be assigned to Ethernet 0/0 (primary-isp) and VLAN3 will be assigned to Ethernet 0/2 (backup-isp). Under VLAN2, the backup interface vlan 3 command designates VLAN3 as the backup for the primary ISP interface. We also have to configure two static default routes, each pointing to its ISP's gateway address. The primary ISP default route shall have a metric of 1 and the backup ISP default route shall have a metric higher than 1 (let's say 2). Let us see the configuration below:

ASA5505(config)# interface ethernet 0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shutdown

ASA5505(config)# interface ethernet 0/1
ASA5505(config-if)# switchport access vlan 1
ASA5505(config-if)# no shutdown

ASA5505(config)# interface ethernet 0/2
ASA5505(config-if)# switchport access vlan 3
ASA5505(config-if)# no shutdown

ASA5505(config)# interface vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0
ASA5505(config-if)# no shutdown

ASA5505(config)# interface vlan 2
ASA5505(config-if)# nameif primary-isp
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address 100.100.100.1 255.255.255.0
ASA5505(config-if)# backup interface vlan 3
ASA5505(config-if)# no shutdown

ASA5505(config)# interface vlan 3
ASA5505(config-if)# nameif backup-isp
ASA5505(config-if)# security-level 1
ASA5505(config-if)# ip address 200.200.200.1 255.255.255.0
ASA5505(config-if)# no shutdown

ASA5505(config)# route primary-isp 0.0.0.0 0.0.0.0 100.100.100.2 1
ASA5505(config)# route backup-isp 0.0.0.0 0.0.0.0 200.200.200.2 2
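
A consistency check for the configuration above, as an added Python example (not part of the original article and not a Cisco tool): it parses the VLAN and default-route commands and reports when the routes, gateways and backup interface setting do not agree. The names parse and audit and the finding texts are assumptions of this example.

```python
import ipaddress

# Constructed input: the article's VLAN 2/3 and route commands, prompts and "no shutdown" removed.
CONFIG = """\
interface vlan 2
 nameif primary-isp
 security-level 0
 ip address 100.100.100.1 255.255.255.0
 backup interface vlan 3
interface vlan 3
 nameif backup-isp
 security-level 1
 ip address 200.200.200.1 255.255.255.0
route primary-isp 0.0.0.0 0.0.0.0 100.100.100.2 1
route backup-isp 0.0.0.0 0.0.0.0 200.200.200.2 2
"""

def parse(config):
    """Return ({nameif: vlan-interface dict}, [(nameif, gateway, metric)])."""
    ifaces, routes, cur = {}, [], None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["interface"]:
            cur = {"vlan": w[2], "net": None, "backup": None} if w[1] == "vlan" else None
        elif cur is not None and w[:1] == ["nameif"]:
            ifaces[w[1]] = cur
        elif cur is not None and w[:2] == ["ip", "address"]:
            cur["net"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif cur is not None and w[:3] == ["backup", "interface", "vlan"]:
            cur["backup"] = w[3]
        elif w[:1] == ["route"] and w[2:4] == ["0.0.0.0", "0.0.0.0"]:
            # The metric is optional on the ASA and defaults to 1.
            routes.append((w[1], ipaddress.ip_address(w[4]), int(w[5]) if len(w) > 5 else 1))
    return ifaces, routes

def audit(config):
    """Return findings; an empty list means the failover pieces agree."""
    ifaces, routes = parse(config)
    findings = []
    for name, gw, _ in routes:
        if name not in ifaces:
            findings.append(f"route uses unknown interface {name}")
        elif ifaces[name]["net"] is None or gw not in ifaces[name]["net"]:
            findings.append(f"gateway {gw} is not on the {name} subnet")
    if len(routes) != 2 or routes[0][2] == routes[1][2]:
        findings.append("need exactly two default routes with different metrics")
        return findings
    pri, bak = (r[0] for r in sorted(routes, key=lambda r: r[2]))
    if pri in ifaces and bak in ifaces and ifaces[pri]["backup"] != ifaces[bak]["vlan"]:
        findings.append(f"{pri} lacks 'backup interface vlan {ifaces[bak]['vlan']}'")
    return findings
```

Calling audit(CONFIG) on the article's configuration returns an empty list; each finding string names the command that needs correcting.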

Category: education
