Cisco WAN :: Dual DHCP ISPs On ASA5505?

Jul 1, 2012

I've been searching the net for days now trying to configure the ASA5505 for dual DHCP ISP use. All guides available assume you have one static.
After realizing that it required a Security Plus license to even configure 3 VLANs.
I can choose a backup interface in ASDM. It even says dual ISP enabled. Why cant there be a guide or simple configuration example or am I the only one looking for this kind of solution?
Customer has two ADSL internet connections and want to switch between them if they fail. No load balancing required.

View 2 Replies


Cisco WAN :: Dual ISPs In ASA 5520

Jul 10, 2011

We got 2 ISPs -------> two ASA 5520 Primary / secondary --------> LAN . ASA is configured with ACL and Static NAT for our mail , web & ftp servers .
My question is how to configure the 2nd ISP on the ASA to auto switch to the 2nd ISP when the 1st is down with a backup static NAT and backup ACL for the new ISP , in other words how to configure a active static NAT and Backup Static NAT and ACL only for Exchange/Mail Server.Here is the example of our configuration where PIE is Primary ISP & EMC is Backup ISP.
ASA Version 8.2(1)
hostname Corp-ASA
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted

View 1 Replies View Related

Cisco Firewall :: Dual ISPs On ASA 5505

Dec 5, 2011

We have a cisco ASA 5505 with sec bundle plus
We have two ISP's:
ISP1 (Our IP =, gateway
ISP2 (Our IP = dynamic, gateway - ADSL 
Our internal LAN IP range is
We want to configure the ASA 5505 to allow users via ISP2 for http traffic We then want to use ISP1 for strictly VPN and access to internal web resources (eg OWA) as we have public IP's there.
Our idea was to configure two gateways on the ASA (e.g. via ISP2 and via ISP1)
Then give the users gateway for web browsing etc Is this configuration possible on the ASA 5505?

View 4 Replies View Related

Cisco Firewall :: ASA 5520 For Dual Active ISPs

Dec 14, 2011

I inherited a network redesign project mid implementation and ran across an issue that I was not 100% sure able to be resolved.  Implementation is occurring in which the organization is changing over to a different ISP and we have some customers that will not be able to change their settings over to our new addresses from some time.  I have seen a lot of posts about fail over and dual ISP configurations, but I could not relate them to this particular scenario.

View 3 Replies View Related

Cisco WAN :: WAN / Dual ISPs - Can ASA 5505 Do Load Balancing As Well

Jan 24, 2010

I want to link ASA 5505 to two ISP's for backup purpsose. I can see this configuration example here url...
Question - does the ASA 5505 do load balancing as well for both connections - is there an example somewhere? (I do not want to buy two ASA 5505's!) which seems the only way I could find configuration details for!

View 6 Replies View Related

Cisco Firewall :: ASA 5505 Split Traffic On Dual ISPs

Jul 31, 2012

I have an ASA 5505 current f/w & the security plus license (to get the 3 nameif interfaces). Can I split traffic between two ISPs, (VPN traffic to one destination on a T-1 on one VLAN, and all other traffic using DSL to another VLAN) and using a different nat policy on both? I know load balacing isn't supported, only failover. I was just wondering if there was a way to make this work.

View 3 Replies View Related

Cisco Firewall :: ASA 5510 Nat / Routing DMZ With Dual ISPs (4 Legged)?

Apr 11, 2013

I am in the process of configuring a ASA 5510 to replace an older PIX.  This change is part of migrating to a new ISP, so the process is complicated by the existence of two outside interfaces.  I have virtually everything working, but there is a requirement to be able to access hosts from the internal networks using both their private IPs and their public IPs.  The older PIX took care of this silently with little configuration, but the ASA has me twisted on the details.  Some of the hosts with public IPs are on the internal network and some are on a DMZ (not my design, inherited).  For the internal ones I implemented hairpinning to take care of the requirement, but I am having trouble with the DMZ based hosts.. Since there are two external interfaces each internal host has two IPs and two static NAT rules to handle incoming traffic from each external interface.
The routins and dynamic NAT entries we have in place take care of accessing the hosts using their private IPs on the DMZ, but I cannot figure out how to get the public IPs to work from the internal network.  It seems like a simple Static D-Nat shoudl do it, but when I add a Static D-Nat on the DMZ the public IP works, but the private IP breaks..  Is there a way to get them both to operate ?
Network layout looks like this (IP ranges altered):

DMZ Class C
Outside  Class C
Outside2  Class C


After applying it I could access the public IP ( from the internal network, but I could no longer access the DMZ IP ( from the internal network. Is there any way to get this configuration to allow access to both IPs from the internal network ?
The problem here is that there are website links based on the public IP and the DNS is split so DNS returns the internal IP to users. As a result both need to be accessible from the internal network.. Not my favorite design, but the client (or in this case the boss) is always right so I need to get it working somehow.

View 8 Replies View Related

Cisco Firewall :: ASA5510 With Dual ISPs And Static NAT On Backup

Dec 12, 2012

Looking to have an ASA5510 with two internet feeds. Moreover, I would like to have my static nat translations continue to work on the backup feed. I have outbound nat working, however I cannot get the inbound nat to work. I had this all figured out in 7.x but now with 8.x I cannot seem to get it working. If anyone has a 8.x example config.

View 4 Replies View Related

Cisco VPN :: Dual ISPs On ASA5510 And Remote Access Client

Jul 7, 2012

i have two public IPs on ASA5510 + Remote Access VPN Client, what i want to achieve is, i want VPN client users to be able to login using any of the two ISP's IP to remote connection to the ASA. what is the command to use to achieve this.
Secondly, i have setup the primary link VPN through ASDM but thinking i should do the same thing and add the "backup" interface.

View 1 Replies View Related

Cisco Firewall :: ASA505 - 2 Sets Of NAT Rules To Accommodate Dual ISPs

Oct 10, 2012

I am setting up an ASA550 ver 7.2(3) - does this need upgrading?I have my ISP interfaces setup as primary and backup I have a static route pointing out:route primary 1 Question:Do I put the next static route to be route secondary 254 Will this set a high metric on the secondary route that will only take effect if the primary route is down? I assume I will need to have 2 sets of NAT rules to accommodate the dual ISP's

View 1 Replies View Related

Cisco VPN :: ASA 5510 With Dual ISPs Split Traffic Between VPNs And Internet

Jul 1, 2011

I need to know how to setup my ASA with dual wan links. 1 is 10/10 fiber, other will be a 50/5 Cable Wideband link. The 10/10 fiber is currnetly being used for VPN's and Internet, (about 20 point to point IPSEC vpn's currently).
I want to add the Wideband link and use the "Tunneled (Default gateway for VPN traffic)", feature for the current fiber link and the new Wideband link for any other internet traffice. I tried this however as soon as I set my fiber link to "Tunneled (Default gateway for VPN traffic), I lost all connectivity.
I also setup my "VPN" link with the "tunneled" option and my "INTERNET" link with a default route to the internet. This would only let me ping internet sites from the ASA device but not from client computers, also the VPN's would not come backup.
I have tried the sla setting with a DSL line for failover and that works good, i've since got rid of the DSL and want to utilize 2 wan links for different purposes/traffic.
ASA 5510, SSM-10      1GB RAM
ASA version                8.4(1)
ASDM Version            6.4(3)
Context Mode            Single
FW Mode                  Routed
License                     Security Plus

View 5 Replies View Related

Cisco VPN :: ASA5505 - Dual ISP And VPN

Nov 17, 2011

I have an ASA 5505 with the Security License running 8.4 and 6.4.5 software, I have a fully working VPN solution on there using a ISP IP - works fine. My boss wants to split the lines/bandwidth to another ISP we have coming into the office. So what I want to acheieve if possible is this Say my current isp is, my internal network is 192.168.2.x and my other ISP is - is it possible to use the ASA to accept VPN clients from both ISP's and use the internal network?

View 2 Replies View Related

Cisco VPN :: ASA5505 With Dual ISP And IPSEC?

Sep 18, 2011

I have problem with dual ISP + IPSEC on my cisco ASA5505 sec plus licence.Routing is working correct (connect to Internet from siteA is working trought 1st also second ISP) but IPSEC is working just trought the first ISP! It seemt that phase 1 and 2 of IPSEC is correct but packets are just encrypting but not decrypting.

I'm trying ping from siteA (PC - to siteB (PC -
config site A:
 ASA5505 Version 8.2(1)
 interface Vlan1
nameif inside
security-level 100
ip address
interface Vlan2


View 7 Replies View Related

Cisco Firewall :: Use Dual ISP's With ASA5505?

Oct 1, 2010

for the purpose of a redundency, incase the primary ISP goes down the backup kicks in.Can this be done with the basic license (max 3 vlans) or you need to have the security plus license. (20 vlans) Currently not using the 3rd vlan (dmz)

View 5 Replies View Related

Cisco Security :: ASA5505 Dual ISP Capability?

Jun 18, 2008

I have two ISP's and I want to channel specific traffic out of an interface based on traffic type.  Will the ASA 5505 security bundle allow me to route specific traffic out through a specific interface?

View 2 Replies View Related

Cisco Firewall :: Dual ISP And Inbound NAT ASA5505 8.2

Oct 30, 2012

I have setup an ASA5505 running 8.2 with dual ISP's
Primary link is the current live static route out and the backup picks up if the primary fails. That all works great However I have an issue with inbound NAT rules
I have configured an inbound static on the primary which works great
static (inside,primary) *.*.*.* netmask access-list outside_access_in line 2 extended permit tcp any host *.*.*.* eq 3389 (hitcnt=4)
Question? With the primary link active and the default route pointing out through the primary, am I able to configure an inbound NAT to the same inside host
on the backup link?
If the primary fails users will need to be able to connect inbound to this service
When I try to set it up I got this error ERROR: Static PAT using the interface requires the use of the 'interface' keyword instead of the interface IP address
So I tried that and got this error WARNING: All traffic destined to the IP address of the backup interface is being redirected. WARNING: Users will not be able to access any service enabled on the backup interface.
So what is the best practice for configuring inbound NAT for a dual ISP configured ASA

View 1 Replies View Related

Cisco Firewall :: ASA5505 - Dual ISP With ASA And Dynamic IPs On Outside?

Jun 3, 2012

I have a site with an ASA5505 and 2 isp connections but the catch is the 2 isp's are giving me a dynamic IP so I am unable to use this [URL]

View 3 Replies View Related

Cisco WAN :: ASA5505 / Setting Access Policies Dual Internet Connections

Jun 7, 2011

I'm trying to set up a S2S VPN between two ASA5505 SP units running ASA Version 8.2(1). I've ordered additional ADSL2 lines to handle this traffic and I'm having troubles with the configuration for the additional PPPoE connection. Here is are extracts from my current config; First the interface vlans
interface Vlan1
nameif inside
security-level 100
ip address

The result being that I can ping the OUTSIDE interface, but get no reply from the VPN interface. I've checked ADSL lines, they are up. The two PPPoE sessions are logged in and active. I can even see the ICMP packets hit the VPN interface, but there is no reply.

View 1 Replies View Related

Cisco VPN :: ASA5505 With Dhcp At Endpoint

Dec 26, 2011

I have a new customer that I installed an ASA 5505 to replace a Linksys VPN router.  They have a main office with a static IP address, 3 branch offices with static IP addresses and 2 branches that are doing DHCP from the ISP for their router address.  I have no problem getting the static VPNs up and running.  My problem is with the VPN connections that are doing DHCP.  I can go in and determine what IP they are currently using and setup a connection and it works fine.  The problem is of course when their IP address from the ISP changes, which seems to happen at least daily.  What is the proper way to setup a connection that is using DHCP?  Also, can you setup multiple connections this way?  Currently the 2 locations have different passwords setup in their routers.

View 1 Replies View Related

Cisco Firewall :: DHCP Scope Limitations For ASA5505

Feb 22, 2013

I have a ASA5505 that i have running asdm 6.4 on it and have tried setting up some DHCP scopes for the interfaces.I have the security plus key.I set up 4 interfaces all with different subnets and all with different DHCP being doled out by the firewall for the time being.Anyway, 3 of the 4 work.I have tried to change interfaces wondering if there was an issue with that phy device.I tried enableing the subnet that would not work first and it didnt matter still would not issue dhcp.the other 3 work fine.Is there a limitation to the amount of scopes that will issue dhcp for an asa5505 ?

View 3 Replies View Related

Cisco Firewall :: Get DHCP Information From ASA5505 Using SNMP?

Feb 13, 2013

I have a ASA5505 with version 8.4(3) that it's working as a DHCP server and I would like to get information about IPs availables (or assignated) on theirs pools via SNMP but I can't find the MIB or OID that I need.
What MIB that I need?

View 1 Replies View Related

Cisco Firewall :: ASA5505 Disable DHCP On ASA And Enable On WNDR3700

May 13, 2013

I have ASA5505 as my main router ( and it currently it also serves as DHCP server.  I have a WNDR3700 ( which work as an access point and it provide wireless access for wireless devices.  I have few dhcp clients where i can't setup static IP, and i want to restrict them to use static IP through MAC reservation. 

1. Make ASA5505 to do the MAC reservation f, which will be easy setup for me.  But as per my search its not possible.

2. Disable dhcp on ASA and enable dhcp on my WNDR3700.  i tired this and dhcp clients are getting IP from wndr3700, but the problem is dhcp clients gateway defaults to (as well as dns) and therefore no internet connection.

View 0 Replies View Related

Cisco Firewall :: ASA5505 / Pcs To Get Their IP Addresses Directly From DHCP Server?

Feb 7, 2012

We have a Cisco 5505 ASA fireawll at a remote site. I can get the firewall to issue the IP addresses to the pc's, Is there a way for the pc's to get their IP addresses directly from our DHCP server?

View 3 Replies View Related

Cisco Firewall :: 10-User License For ASA5505 Allows DHCP To Hand Out 32 IPs?

Dec 26, 2011

My cisco representative tells me that I am limited to 10 IP addresses for my 10 user license on an ASA 5505 even though the Cisco documentation specifically states that a 10 user license allows the maximum DHCP clients to 32 IP addresses.
I want to have 30 computers get IP addresses from the ASA, but don't need any but one or two to get outside the internal network.  Is this possible with a 10 USER license.

View 19 Replies View Related

Cisco Firewall :: 10-User License For ASA5505 Allows DHCP To Hand Out 32 IPs

Sep 27, 2011

My cisco representative tells me that I am limited to 10 IP addresses for my 10 user license on an ASA 5505 even though the Cisco documentation specifically states that a 10 user license allows the maximum DHCP clients to 32 IP addresses.
I want to have 30 computers get IP addresses from the ASA, but don't need any but one or two to get outside the internal network.  Is this possible with a 10 USER license.

View 1 Replies View Related

Dual DHCP Or Access Devices On Different Subnet?

Aug 23, 2011

I have a problem with my 2 networks which are 1000 meters apart.One is my HOME the other is my CARAVAN SITE. both networks are working fine independently, the problem occurs when i join the networks together.I need to connect the said networks together in order to view my IP cameras which are dotted all around the campsite, i need to be able to view these from HOME.The problems i am having is DHCP servers are stealing clients from the other sides and directing them to the wrong gateway.please see below network map (these routers are all running DDWRTBelow is another network map which someone on another forum told me to do but its still not working. (DHCP servers are still clashing and still stealing clients)y the way, on both of the network maps all routers are connected with the LAN interface. someone told me to connect certain routers with WAN and it didn't work, or it was not explained correctly.Also please note that assigning clients with Static IP's is completely out of the question due to most of the clients being campers who come and go

View 1 Replies View Related

Cisco Firewall :: Can ASA5505 DHCP Support 22 Bits Subnet Mask

Feb 11, 2013

I have an ASA5505 which provides internet (just internet) for about more than 600 pc/laptops. Can 5505's DHCP support this number?

View 4 Replies View Related

Cisco Firewall :: ASA 5505 - Dual ISP SLA Track With Primary PPOE Secondary DHCP

Aug 25, 2011

Cisco ASA 5505 Security Plus 1 link with PPOE dialup for internet access
desirable situation: Primary link with a PPOE dialup Secondary Link with DHCP address Asignment
Problem: i want to configure Dual ISP Failover modus, but the problem exist when i configure  the ip sla syntax it looks good in the running config. but after a reload the secondary line becomes primary
It looks like the ppoe client authentication is busy when the ip sla tracking mechanism becomes active. can i tweak the settings that the ip sla tracking mechanism starts later?
What i the correct config for Dual ISP setup with primary PPOE and secondary DHCP

View 1 Replies View Related

TP-Link Dual-Band Wireless :: Prolink Get DHCP Address From The Wan Port Of TL-WDR4300?

Jan 28, 2013

Region : Philippines
Model : TL-WDR4300
Hardware Version : V1
Firmware Version : 3.13.23 Build 120810 Rel.44064n

I have a PROLiNK H5001N ADSL Wireless Modem using bridge mode to my TL-WDR4300. I login to my ISP using the TL-WDR4300 with secondary connection to my modem so that I can open the modem setup page.

1.) My question is can the Prolink get DHCP address from the Wan Port of TL-WDR4300?

2.) Can I still use the Wifi of the modem to get internet?

3.) If I connect my ISP to Prolink then connect TL-WDR4300 thru static connection, will the NAT and Hardware NAT still work in the TL-WDR4300?

NOTE: the latest firmware built TL-WDR4300_V1_121225 seams to have internet connection lost problem after a few minutes. I reverted back to 3.12.23 and the problem is gone.

View 3 Replies View Related

TP-Link Dual-Band Wireless :: TL-WDR4300 - DHCP Not Dealing Addresses After Few Hours?

Dec 9, 2012

Region : Poland
Model : TL-WDR4300
Hardware Version : V1
Firmware Version : 3.13.23 Build 120810 Rel.44064n
ISP : [url]...

I'm having issues with DHCP server not dealing IP after few hours (varies between 1h and 8h) of torrent traffic. If no continuous torrent traffic is applied, the problem does not occur. New wireless devices connect to the wi-fi network, but get stuck on 'getting IP adress'. The problem is with DHCP service or the wireless network service. New wired devices receive IP. The problem is only with wireless devices. I have no additional wireless device, that I can configure the network settings on my own (only phones) to check if it works without DHCP server giving IP. Wired connection is stable, but the bandwidth usage curve becomes somewhat similar to a sinewave.

I did disable the hardware NAT because that feature made the router unstable and caused it to hang up within minutes.

View 7 Replies View Related

TP-Link Dual-Band Wireless :: DHCP Client List Customization On WDR4300?

Dec 6, 2012

Region : UnitedStates
Model : TL-WDR4300
Hardware Version : V1
Firmware Version : 3.13.23 Build 120810 Rel.44064n
ISP : Comcast

So I've been checking my router DHCP list and I usually use the WPS feature to add devices. I know how many devices I have and which ones are wireless etc. I've made address reservations on all the devices that I have and know of. One feature that really frustrates me (which is missing) is no way to rename a device. My iPhone is named: Reggie's iPhone yet the 4300 picks it up as Unknown... I dont understand why. I've renamed it on the iPhone to different things and restarted it but still it comes up as that. I have 2 Nexus 7s and both come up with wierd names, one is for my wife and one is for me and I wish there was a way to name it proper.

Question is: Will the name edit feature ever get added to it? I dont get why it's not there now, it's not really something major (I have a 5 year old router that even has that... and it cant even support N). It's really frustrating to have to guess and check the devices on my network because most of them come up as unknowns.

Right now I'm trying to located another device that's coming up as unknown and now matter how much I try, since the router lacks any feature to assist finding it, it's really frustrating.

something else i noticed: my DHCP List shows all the devices connected with their IP addresses, yet I went into CMD and was doing a random ping command. I'm able to ping with perfect stats back yet on my DHCP List it shows the highest IP is at Is something wrong here? Is it supposed to not pick up the IPs it gives out? And of course since there isnt a way to tell if that IP is for a WIFI or ethernet device, I have no idea what that device is...

yet i found another ip address on my network by using the ping command. actually I went ahead and did arp -a to find out all the ips with mac addresses. this is a serious flaw with the security of this router!!

View 2 Replies View Related

Linksys Wireless Router :: E4200 Dual Band Router Compatible With DHCP And VPN

Mar 18, 2012

Is the Linksys E4200 Dual Band Router compatible with DHCP and VPN?

View 1 Replies View Related

TP-Link Dual-Band Wireless :: DHCP Not Working For 6 GHz Band?

Apr 2, 2013

Region : UnitedStates
Model : TL-WDR3600
Hardware Version : V1
Firmware Version :
ISP : Centurylink

I'm using a WDR3600 router, and I'm having difficulty with getting internet access on the 5 GHz band. Right now the router is broadcasting in both 2.4 and 5 GHz as two separate APs. The 2.4 GHz band works perfectly fine, but when I connect to the 5 GHz band my device is not assigned an IP address and cannot connect to the internet (or even the router configuration page). Unfortunately, I don't have another device capable of accessing the 5 GHz band, so I can't check to see if the computer is at fault, but both the computer and the router have worked together with no problems before, and this computer has done fine in accessing other 5 GHz bands.

View 1 Replies View Related

Copyrights 2005-15, All rights reserved