Configure a Cisco ASA 5505 with Dual ISP Backup Connection

In this post I will explain how to configure a Cisco ASA 5505 firewall to connect to dual ISPs for redundancy. Suppose that we have a primary high-speed ISP connection and a cheaper DSL line connected to a secondary ISP. Normally all of our traffic should flow through the primary ISP. If the primary connection fails, the secondary DSL connection should be used for Internet access. Please note that this scenario applies only to outbound traffic (i.e. from our internal network toward the Internet). The functionality described below works on ASA 5505 version 7.2(1) and above.

Assume that we are assigned a static public IP address of 100.100.100.1 from the primary ISP and another static public IP address of 200.200.200.1 from our backup ISP. We will use Ethernet 0/0 to connect to the primary ISP, Ethernet 0/1 to connect to our internal LAN, and Ethernet 0/2 to connect to our backup ISP. We will create three VLANs to support our configuration. VLAN1 (the default VLAN) will be assigned to Ethernet 0/1 (inside), VLAN2 will be assigned to Ethernet 0/0 (principal-isp) and VLAN3 will be assigned to Ethernet 0/2 (backup-isp). We also have to configure two static default routes pointing to the ISP gateway addresses. The primary ISP default route will have a metric of 1 and the backup ISP default route will have a metric greater than 1 (let's say 2). Let us see the configuration below:

ASA5505(config)# interface ethernet 0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shutdown

ASA5505(config)# interface ethernet 0/1
ASA5505(config-if)# switchport access vlan 1
ASA5505(config-if)# no shutdown

ASA5505(config)# interface ethernet 0/2
ASA5505(config-if)# switchport access vlan 3
ASA5505(config-if)# no shutdown

ASA5505(config)# interface vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0
ASA5505(config-if)# no shutdown

ASA5505(config)# interface vlan 2
ASA5505(config-if)# nameif principal-isp
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address 100.100.100.1 255.255.255.0
ASA5505(config-if)# backup interface vlan 3
ASA5505(config-if)# no shutdown

ASA5505(config)# interface vlan 3
ASA5505(config-if)# nameif backup-isp
ASA5505(config-if)# security-level 1
ASA5505(config-if)# ip address 200.200.200.1 255.255.255.0
ASA5505(config-if)# no shutdown

ASA5505(config)# route principal-isp 0.0.0.0 0.0.0.0 100.100.100.2 1
ASA5505(config)# route backup-isp 0.0.0.0 0.0.0.0 200.200.200.2 2
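
An added example, not part of the original post and not Cisco tooling: a small offline check that a saved running-config has two default routes with distinct metrics and that each gateway sits on the subnet of the interface it is routed through. The function names and the sample config text are constructed for illustration, and static interface addressing is assumed.

```python
import ipaddress
import re

# Constructed sample: running-config lines matching this page's setup.
SAMPLE_CONFIG = """\
interface Vlan2
 nameif principal-isp
 security-level 0
 ip address 100.100.100.1 255.255.255.0
interface Vlan3
 nameif backup-isp
 security-level 1
 ip address 200.200.200.1 255.255.255.0
route principal-isp 0.0.0.0 0.0.0.0 100.100.100.2 1
route backup-isp 0.0.0.0 0.0.0.0 200.200.200.2 2
"""

def parse(config):
    """Return ({nameif: IPv4Interface}, [(nameif, gateway, metric)]) for default routes."""
    nets, routes, name = {}, [], None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = None  # new interface block; its nameif has not been seen yet
        elif m := re.match(r"nameif (\S+)$", line):
            name = m.group(1)
        elif (m := re.match(r"ip address (\d\S+) (\d\S+)", line)) and name:
            nets[name] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: (\d+))?", line):
            # The ASA treats an omitted metric as 1.
            routes.append((m.group(1), ipaddress.ip_address(m.group(2)), int(m.group(3) or 1)))
    return nets, sorted(routes, key=lambda r: r[2])  # lowest metric (preferred) first

def audit(config):
    """Return findings; an empty list means the failover routes are consistent."""
    nets, routes = parse(config)
    findings = []
    if len(routes) < 2:
        findings.append("fewer than two default routes: no backup path")
    metrics = [metric for _, _, metric in routes]
    if len(set(metrics)) != len(metrics):
        findings.append("default routes share a metric: no primary/backup ordering")
    for name, gateway, _ in routes:
        if name not in nets:
            findings.append(f"route references unknown interface {name}")
        elif gateway not in nets[name].network:
            findings.append(f"gateway {gateway} is not on the {name} subnet {nets[name].network}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "failover routes are consistent")
```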
