Cisco ASA 5505 Security Plus License - Dual ISP

Soldato
Joined
27 Feb 2003
Posts
7,354
Location
Shropshire
Looking at this upgrade for an ASA 5505.

Does the "Dual ISP" element provide any sort of outbound load balancing over two connections or is it simply a primary / secondary fail-over setup?
 
Dual ISP just refers to static route tracking. I.e. If ISP A Gateway is not reachable, use ISP B. It uses ipsla to implement this.

You can have multiple default route's for a very basic form of load balancing, but only on the same interface, so this wouldn't work across two different ISPs.

You need a router in front of the ASA.
 
To be fair, you're doing something which is technically pretty stupid which is why they don't support it. No decent kit does, it's the draytek market which regards that as a feature rather than the horrible bodge job it is. You won't see Cisco or Juniper or anybody serious pushing that 'feature'.

Load balancing connections from different ISPs is a bad idea. Load balancing any connections is generally a bad idea, better bonding them in almost all scenarios (there are a few equal cost routing configs I use for specific situations but that's generally with multiples of 10Gig and MPLS traffic so not applicable).
 
Back
Top Bottom