I have an ASA firewall version 9.9 in my office network. I have terminated 2 different Internet connections on it and I want to use both of them at the same time to utilize them properly. Though I do not wish to have redundancy for the internet.
Please suggest how to configure the ASA firewall in such a way that both LANs can send traffic to their respective internets at the same time.
Do you have default routes configured towards both ISPs or is there any BGP protocol running?
Thanks for picking it up.
Yes, default routes are configured for both of the ISPs. ISP1 is a pppoe connection and a default route is learned from them, and for ISP2 a default route needs to be configured on the ASA.
Guys - Can 2 default routes be installed in the routing table of an ASA firewall?
Hello Kamal,
2 default routes can not be installed in the routing table in ASA. This is the problem I am facing here in my scenario. ASA is receiving a default route from ISP1 via pppoe and the other default route is required for routing traffic towards the other ISP2, but we can not install 2 default routes on the ASA, so the ISP2 default route should have a high administrative value.
route 0.0.0.0 0.0.0.0 <gw-ip-ISP1>
route 0.0.0.0 0.0.0.0 <gw-ip-ISP2> 50
Only the 1st default route is installed in the routing table, so traffic is always moving to this ISP1 but not via the other ISP2.
Can someone please look into this and provide a solution?
That's true, you can not install 2 default routes in the ASA firewall routing table. Now you have one default route for ISP1 which is installed in the ASA routing table and the other has AD 50.
In this case you can use policy based routing in order to utilize both of the internet links at the same time. Let internet traffic from the ISP1 LAN go via ISP1 using the default route installed, and match the traffic from the ISP2 LAN in an access list, call that access list in the route map, and set the next hop to ISP2. Apply this route map in the inbound direction on the ISP2 LAN interface.
Thank you guys for helping me out,
Here is the configuration where both internets are working as active/active. ISP1 LAN traffic is going via ISP1 and ISP2 LAN traffic will go via ISP2.
This configuration is working perfectly for me. I hope this will also help others.
!
interface GigabitEthernet0/0
description "ISP2"
nameif OUTSIDE_ISP2
security-level 0
ip address 61.x47.xx4.x 255.255.255.0
no shutdown
!
interface GigabitEthernet0/1
description "ISP1"
nameif OUTSIDE_ISP1
security-level 0
pppoe client vpdn group pppoe
ip address pppoe setroute
no shutdown
!
interface GigabitEthernet0/2
description "ISP2 LAN"
nameif INSIDE_ISP2_LAN
security-level 100
ip address 192.168.2.1 255.255.255.0
! PBR applied inbound on the ISP2 LAN; traffic matching the route-map is sent to ISP2
policy-route route-map ISP2_PBR_RM
no shutdown
!
interface GigabitEthernet0/3
description "ISP1 LAN"
nameif INSIDE_ISP1_LAN
security-level 100
ip address 192.168.1.1 255.255.255.0
no shutdown
!
vpdn group pppoe request dialout pppoe
vpdn group pppoe localname xxxxxxxx
vpdn group pppoe ppp authentication chap
vpdn username xxxxxxxx password xxxxxxxxx
!
object network ISP1_LAN
subnet 192.168.1.0 255.255.255.0
nat (INSIDE_ISP1_LAN,OUTSIDE_ISP1) dynamic interface
!
object network ISP2_LAN
subnet 192.168.2.0 255.255.255.0
nat (INSIDE_ISP2_LAN,OUTSIDE_ISP2) dynamic interface
!
! Match everything sourced from the ISP2 LAN
access-list ISP2_PBR_ACL extended permit ip 192.168.2.0 255.255.255.0 any
!
! Clause 10: matched traffic is forced to the ISP2 gateway
route-map ISP2_PBR_RM permit 10
match ip address ISP2_PBR_ACL
set ip next-hop 61.x47.xx4.1
!
! Clause 20: anything else falls through to normal routing (the ISP1 default)
route-map ISP2_PBR_RM permit 20
!
! Backup default via ISP2 with AD 50; the pppoe-learned default from ISP1 stays preferred
route OUTSIDE_ISP2 0.0.0.0 0.0.0.0 61.x47.xx4.1 50
!
access-group OUTSIDE_ISP2->INSIDE_ISP2_LAN in interface OUTSIDE_ISP2
access-group OUTSIDE_ISP1->INSIDE_ISP1_LAN in interface OUTSIDE_ISP1
!
dhcpd address 192.168.2.26-192.168.2.250 INSIDE_ISP2_LAN
dhcpd dns 8.8.8.8 4.2.2.2 interface INSIDE_ISP2_LAN
dhcpd enable INSIDE_ISP2_LAN
!
dhcpd address 192.168.1.26-192.168.1.250 INSIDE_ISP1_LAN
dhcpd dns 8.8.8.8 4.2.2.2 interface INSIDE_ISP1_LAN
dhcpd enable INSIDE_ISP1_LAN
!
NOTE: The default route received from ISP1 via pppoe is installed in the ASA routing table and the other default route towards ISP2 has AD 50.
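To check how the ASA picks an egress for a given flow under the config above, here is an added Python model (not from the thread, and not Cisco code) that parses the relevant lines and applies the two rules at play: PBR on the ingress interface is consulted first, and the routing table keeps only the lowest-AD route per prefix. The ISP addresses and the explicit AD-1 route standing in for the pppoe setroute default are assumptions.

```python
import ipaddress

# Constructed excerpt modelled on the posted config. ISP addresses are RFC 5737
# documentation values; the pppoe "setroute" default is written out as an
# explicit AD-1 static route (an assumption, to keep the model simple).
ASA_CONFIG = """
interface GigabitEthernet0/2
 nameif INSIDE_ISP2_LAN
 policy-route route-map ISP2_PBR_RM
interface GigabitEthernet0/3
 nameif INSIDE_ISP1_LAN
access-list ISP2_PBR_ACL extended permit ip 192.168.2.0 255.255.255.0 any
route-map ISP2_PBR_RM permit 10
 match ip address ISP2_PBR_ACL
 set ip next-hop 203.0.113.1
route-map ISP2_PBR_RM permit 20
route OUTSIDE_ISP1 0.0.0.0 0.0.0.0 198.51.100.1 1
route OUTSIDE_ISP2 0.0.0.0 0.0.0.0 203.0.113.1 50
"""

def parse(text):
    """Pull nameif/policy-route, 'permit ip <net> <mask> any' ACLs, route-maps and routes."""
    cfg = {"pbr": {}, "acls": {}, "maps": {}, "routes": []}
    nameif = rm = None
    for line in text.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "nameif":
            nameif = w[1]
        elif w[0] == "policy-route":
            cfg["pbr"][nameif] = w[2]
        elif w[0] == "access-list" and w[3:5] == ["permit", "ip"]:
            cfg["acls"].setdefault(w[1], []).append(ipaddress.ip_network(f"{w[5]}/{w[6]}"))
        elif w[0] == "route-map":
            rm = cfg["maps"].setdefault(w[1], [])
            rm.append({"acl": None, "nh": None})
        elif w[0] == "match":
            rm[-1]["acl"] = w[3]
        elif w[0] == "set":
            rm[-1]["nh"] = w[3]
        elif w[0] == "route":
            cfg["routes"].append((ipaddress.ip_network(f"{w[2]}/{w[3]}"), w[4], int(w[5])))
    return cfg

def rib(cfg):
    """Installed routes: one entry per prefix, the lowest administrative distance wins."""
    best = {}
    for net, nh, ad in cfg["routes"]:
        if net not in best or ad < best[net][1]:
            best[net] = (nh, ad)
    return best

def egress(cfg, in_if, src, dst):
    """Next hop for a packet entering in_if: PBR route-map first, then longest match in the RIB."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for clause in cfg["maps"].get(cfg["pbr"].get(in_if), []):
        if clause["acl"] is None or any(src in n for n in cfg["acls"][clause["acl"]]):
            if clause["nh"]:
                return clause["nh"]
            break  # permit clause with no set action: fall through to normal routing
    table = rib(cfg)
    return table[max((n for n in table if dst in n), key=lambda n: n.prefixlen)][0]

CFG = parse(ASA_CONFIG)
```

A host on the ISP2 LAN that is sourcing from an address outside 192.168.2.0/24 misses clause 10 and silently goes out via ISP1, which is worth watching for when diagnosing asymmetric paths.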
Appreciate it guys, I got the solution in this article. This seems to be useful. One of the Singapore branches in my organization has a similar setup.
Informative post!! Appreciated.