In this article I will explain how to configure a Cisco ASA 5505 firewall to
connect to dual ISPs for redundancy purposes. Suppose that we have a primary
high-speed ISP connection and a cheaper DSL line connected to a secondary ISP.
Normally all of our traffic should flow through the primary ISP. If the primary
link fails, the secondary DSL connection should be used for Internet access.
Please note that the above scenario is valid only for outbound traffic (i.e.
from our internal network towards the Internet). The functionality that I will
describe below works for ASA 5505 version 7.2(1) and above.

Assume that we are assigned a static public IP address of 100.100.100.1 from
the primary ISP and another static public IP address of 200.200.200.1 from our
backup ISP. We will use Ethernet 0/0 for connecting to the primary ISP,
Ethernet 0/1 for connecting to our internal LAN, and Ethernet 0/2 for
connecting to our backup ISP. We will create three VLANs to support our
configuration. VLAN1 (the default VLAN) will be assigned to Ethernet 0/1
(inside), VLAN2 will be assigned to Ethernet 0/0 (primary-isp) and VLAN3 will
be assigned to Ethernet 0/2 (backup-isp).

We also have to configure two static default routes pointing to the ISP
gateway addresses. The primary ISP default route shall have a metric of 1 and
the backup ISP default route shall have a metric bigger than 1 (let's say 2).
Let us see the
configuration below:

ASA5505(config)# interface ethernet 0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shutdown

ASA5505(config)# interface ethernet 0/1
ASA5505(config-if)# switchport access vlan 1
ASA5505(config-if)# no shutdown

ASA5505(config)# interface ethernet 0/2
ASA5505(config-if)# switchport access vlan 3
ASA5505(config-if)# no shutdown

ASA5505(config)# interface vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0
ASA5505(config-if)# no shutdown

ASA5505(config)# interface vlan 2
ASA5505(config-if)# nameif primary-isp
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address 100.100.100.1 255.255.255.0
ASA5505(config-if)# backup interface vlan 3
ASA5505(config-if)# no shutdown

ASA5505(config)# interface vlan 3
ASA5505(config-if)# nameif backup-isp
ASA5505(config-if)# security-level 1
ASA5505(config-if)# ip address 200.200.200.1 255.255.255.0
ASA5505(config-if)# no shutdown

ASA5505(config)# route primary-isp 0.0.0.0 0.0.0.0 100.100.100.2 1
ASA5505(config)# route backup-isp 0.0.0.0 0.0.0.0 200.200.200.2 2
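
As an added example (not part of the original article), the Python sketch below
audits a saved configuration for the properties this setup depends on: two
default routes with different metrics, each on a named interface whose security
level is below that of the inside interface. The sample configuration is
constructed from the values used above, and the function names are assumptions.

```python
# Constructed sample: the settings from the article in running-config form.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif primary-isp
 security-level 0
interface Vlan3
 nameif backup-isp
 security-level 1
route primary-isp 0.0.0.0 0.0.0.0 100.100.100.2 1
route backup-isp 0.0.0.0 0.0.0.0 200.200.200.2 2
"""

def parse(config):
    """Return ({nameif: security-level}, [(nameif, gateway, metric)]) for default routes."""
    levels, routes, name = {}, [], None
    # Split every line into words and skip blank lines.
    for words in filter(None, map(str.split, config.splitlines())):
        if words[0] == "interface":
            name = None                      # new stanza, nameif not seen yet
        elif words[0] == "nameif" and len(words) > 1:
            name = words[1]
        elif words[0] == "security-level" and name and len(words) > 1:
            levels[name] = int(words[1])
        elif words[0] == "route" and words[2:4] == ["0.0.0.0", "0.0.0.0"] and len(words) > 4:
            # A route entered without a metric gets the default metric of 1.
            routes.append((words[1], words[4], int(words[5]) if len(words) > 5 else 1))
    return levels, routes

def audit(config, inside="inside"):
    """List the ways the config departs from the primary/backup layout."""
    levels, routes = parse(config)
    problems = []
    if len(routes) != 2:
        problems.append(f"expected 2 default routes, found {len(routes)}")
    if len({metric for _, _, metric in routes}) != len(routes):
        problems.append("default routes share a metric; no primary/backup preference")
    for ifname, _, _ in routes:
        if ifname not in levels:
            problems.append(f"default route uses undefined interface {ifname}")
        elif levels[ifname] >= levels.get(inside, 100):
            problems.append(f"{ifname} security-level is not below {inside}")
    return problems

def preferred_isp(config):
    """nameif of the lowest-metric default route, used while both links are up."""
    routes = parse(config)[1]
    return min(routes, key=lambda r: r[2])[0] if routes else None
```
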