Exchange 2003/2007 Change User name and email address

source : http://www.amset.info/exchange/usernamechange.asp


User Name Changes
Author: Simon Butler, Exchange MVP, MCSE
Last Page Review: 06/07/2009
A common request is to to adjust the personal details for a user, usually female after a wedding (or a divorce).
This can also be asked for when someone replaces another member of staff.

However, you do have a number of options available to you when making the change. The options depend on how adamant the user is about their former name being totally eradicated.

The Alias Issue

Changing most settings in Exchange is quite easy and is outlined below.

The significant issue is the alias of the account. This is seen by the user's in their auto complete menu, and is the part in < > : Jane Smith .

While you can change the alias quite easily in Active Directory Users and Computers (Exchange 2003) or Exchange Management Console (Exchange 2007), this does have consequences, mainly for other people, not the user who is changing their name.

Auto complete entries will no longer work. They will need to be deleted and reselected from the Global Address List.
No one will be able to automatically reply to old email that has been sent by the user under the old alias. When clicking Reply they will need to find the user, delete them from the list of recipients and select them from the Global Address List.
You may also have problems with users in Outlook 2003 or higher and cached mode. They could have inaccurate information until a new Offline Address Book is generated.
New email and external email (whether inbound or outbound) is not affected.

The same issues occur if you rename an account totally - so the account shows Jane Smith

Method One - User Account Rename

If the user is happy for the alias to show the old name, then you can simply rename the account and update display names. This method is not recommended for a new member of staff, as it can cause confusion.

While this is a fairly straightforward process if not done correctly can mean a mixture of the old and the new name appearing throughout the system.

You should also time the change carefully. Make the change out of hours so that old inaccurate information is shown in the GAL for the shortest amount of time. If you have users on cached mode in Outlook 2003 and higher, make the change and then generate a new OAB so that they have an opportunity to get the latest information as soon as possible.

Exchange 2003

Use ADUC on the Exchange 2003 server. Ensure that the user is logged off when making the change. If a newlywed, during the honeymoon is a perfect time to make the changes.

Start ADUC and find the user listed.
Right click on the user and choose Rename. Correct the name as required and press enter.
A new dialogue box should not be brought up, which gives you the opportunity to correct all aspects, including the username.
In the example below, we are changing "Hazel Taylor" in to "Hazel Smith".



After pressing ok the main name change has been completed.
Exchange 2007

For Exchange 2007, open the properties of the user in the Exchange Management Console and adjust the name as required. If you want to change the user's login name and personal directory, then you will need to use ADUC.

Email Addresses

You shouldn't forget to adjust the email address of the user to take in to account the new name.

Right click on user again, and choose Properties.
Click on the "Email Addresses" tab.
Add the new email address in the same format as your existing email addresses. Leave the old address in place.
Change the default address to the new one.
By doing this, any email sent in on the old address will still be delivered, but all new email will go out with the new address.
With Exchange 2007, the Email Address Policy should update the email address to the new name. After that has happened, simply add the previous email address to the list.

Other Settings

If you are using some kind of personal drive space on the server that is mapped by username (ie \\server\%username% then you need to rename the folder.
On the workstation while the login will be in the new format, the folder in Documents and Settings will be in the old name, and will continue to work. If you want to change that as well, it is best to create a new profile.
Login as an administrator and rename the profile. A good suggestion is to add the suffix .old - "username.old"
Login as the user again and a new profile will be created. Copy data and settings from the old profile.
Outlook 2002 (and higher) Auto Complete

One thing that you cannot control is the auto complete on the latest versions of Outlook. You will need to instruct your users on how to clear the old name from the Auto Complete cache, then select the new name from the GAL fresh. Once the new name has been selected once, it will populate the auto complete list.
More information on Auto Complete and working with its cache can be found here.

Method Two - New Account

The second method that you can deal with a user changing their name is to create a new account. The old account is left in place.

To ensure that all email is caught, do the following...

Create the new account as normal, and populate it with the correct (new) email address, group memberships etc.
Put a new dummy SMTP address on to the old account and set it as default.
Remove the existing SMTP addresses from the old account and put them on to the new account. This means that any email coming in from outside on the old address is delivered to the new mailbox.
Exmerge the contents of the old mailbox and import it in to the new one.
Configure a forward on the old account to forward to the new account. For Exchange 2003 do this in Active Directory Users and Computers, User Properties, Exchange General, Delivery Options. For Exchange 2007 do this in the Exchange Management Console, Mail Flow Settings, Delivery Options.
Hide the account from the global address list, remove its group memberships etc. The account is no longer required for anything other than email, so can have most settings removed.
Setup the workstation etc and move the data around to limit the impact of the new account on the user - as explained above under "Other Settings".
The end result on this method is that other's auto complete entries continue to work, replies to old emails get delivered directly (via the old m

CISCO FLASH - Delete files and director from flash of a cisco router

You can use : erase flash:

But if you don't want to be prompted to confirm or if the directory content a sub directory of file, you should use the following command:

delete /force/recursive flash:

e.g.

delete /flash/recursive flash:/phone

BEST NTP SERVER FOR VOICE_LAB

I am using 2 ntp servers for my home voip_system - home lab

ntp server 204.9.54.119
ntp server 129.6.15.29

How To Configure Dual ISP Backup with Cisco ASA 5505 Firewall

How To Configure Dual ISP Backup with Cisco ASA 5505 Firewall by Harris Andrea
in Networks

SOURCE: http://www.goarticles.com/cgi-bin/showa.cgi?C=1446826

In this article I will explain how to configure a Cisco ASA 5505 firewall to connect to dual ISPs for redundancy purposes. Suppose that we have a primary high-speed ISP connection, and a cheaper DSL line connected to a Secondary ISP. Normally all of our traffic should flow through the primary ISP. If the primary link fails, the secondary DSL connection should be utilized for Internet access. Please note that the above scenario is valid only for Outbound traffic (i.e. from our internal network towards the Internet). The functionality that I will describe below works for ASA 5505 version 7.2(1) and above.


Assume that we are assigned a static Public IP address of 100.100.100.1 from Primary ISP and another static Public IP address of 200.200.200.1 from our Backup ISP. We will use Ethernet 0/0 for connecting to Primary ISP, Ethernet 0/1 for connecting to our Internal LAN, and Ethernet 0/2 for connecting to our Backup ISP. We will create three VLANs to support our configuration. VLAN1 (the default Vlan) will be assigned to Ethernet 0/1 (inside), VLAN2 will be assigned to Ethernet 0/0 (primary-isp) and VLAN3 will be assigned to Ethernet 0/2 (backup-isp). We also have to configure two static default routes pointing to the ISP gateway address. The primary ISP default route shall have a metric of 1 and the backup ISP default route shall have a metric bigger than 1 (let's say 2). Let us see the configuration below:



ASA5505(config)# interface ethernet 0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shutdown



ASA5505(config)# interface ethernet 0/1
ASA5505(config-if)# switchport access vlan 1
ASA5505(config-if)# no shutdown



ASA5505(config)# interface ethernet 0/2
ASA5505(config-if)# switchport access vlan 3
ASA5505(config-if)# no shutdown



ASA5505(config)# interface vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0
ASA5505(config-if)# no shutdown



ASA5505(config)# interface vlan 2
ASA5505(config-if)# nameif primary-isp
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address 100.100.100.1 255.255.255.0
ASA5505(config-if)# backup interface vlan 3
ASA5505(config-if)# no shutdown



ASA5505(config)# interface vlan 3
ASA5505(config-if)# nameif backup-isp
ASA5505(config-if)# security-level 1
ASA5505(config-if)# ip address 200.200.200.1 255.255.255.0
ASA5505(config-if)# no shutdown



ASA5505(config)# route primary-isp 0.0.0.0 0.0.0.0 100.100.100.2 1
ASA5505(config)# route backup-isp 0.0.0.0 0.0.0.0 200.200.200.2 2

Exchange 2003 - Recipient Policy Variables - email address

%g --- Given Name (first Name)
%i --- Miggle Initials
%s --- Surname (LAst Name)
%d --- Display Name
%m --- Exchange Alias

Examples

%1g.%s@tititec.com - will give you -- m.nkounkou@tititec.com
%g.%s@tititec.com - will give you -- martial.nkounkou@tititec.com

How to create an invisible folder - folder without a name

1- create a new folder
2- double clic on the folder to rename it (or right clic the folder and choose rename)
3- delete the old name
4- Press ALT+01696 (on the numbering pad please)
(it means press Alt and without releasing it type 0196 on your num pad)
5- release Alt and press enter.

Now you have a folder without a name -

Intervlan Communication - Answer part 2

Create SVI interfaces and enable routing on the L3 switch 3550 - SW_C
Check if the Vlans 10 and 20 show up in SW_C
(Vlan10 and 20 should show up because all switches belong to the same VTP domain.

SW3550_C>en
Password:
SW3550_C#sh vlan brief

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/6, Fa0/7, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/19, Fa0/20, Fa0/21
Fa0/23, Fa0/24, Gi0/1, Gi0/2
10 ACCOUNTING active
20 SALES active Fa0/5
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup

Enabling routing in L3 switch.

SW3550_C#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW3550_C(config)#ip routing


Creating SVI interfaces.

SW3550_C(config)#int vlan 10
SW3550_C(config-if)#ip add
*Mar 6 01:58:43.513: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up10.10.10.254 255.255.255.0
SW3550_C(config-if)#no shut
SW3550_C(config-if)#exit
SW3550_C(config)#int vlan 20
SW3550_C(config-if)#ip add 20.20.20.254 255.255.255.0
SW3550_C(config-if)#no shut
SW3550_C(config-if)#^Z

Now let verify.


SW3550_C#sh ip int brief
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.1.201 YES NVRAM up up
Vlan10 10.10.10.254 YES manual up up
Vlan20 20.20.20.254 YES manual up up
FastEthernet0/1 unassigned YES unset down down
FastEthernet0/2 unassigned YES unset down down
FastEthernet0/3 unassigned YES unset up up
FastEthernet0/4 unassigned YES unset up up
FastEthernet0/5 unassigned YES unset down down
FastEthernet0/6 unassigned YES unset down down
FastEthernet0/7 unassigned YES unset down down
FastEthernet0/8 unassigned YES unset down down
FastEthernet0/9 unassigned YES unset up up
FastEthernet0/10 unassigned YES unset up up
FastEthernet0/11 unassigned YES unset down down
FastEthernet0/12 unassigned YES unset down down
FastEthernet0/13 unassigned YES unset down down
FastEthernet0/14 unassigned YES unset down down
FastEthernet0/15 unassigned YES unset down down
FastEthernet0/16 unassigned YES unset down down
FastEthernet0/17 unassigned YES unset down down
FastEthernet0/18 unassigned YES unset down down
FastEthernet0/19 unassigned YES unset down down
--More--
SW3550_C#sh int vlan 10
Vlan10 is up, line protocol is up
Hardware is EtherSVI, address is 000e.831d.ce80 (bia 000e.831d.ce80)
Internet address is 10.10.10.254/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:01:59, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
1 packets output, 60 bytes, 0 underruns
0 output errors, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
SW3550_C#sh int vlan 10 20
Vlan20 is up, line protocol is up
Hardware is EtherSVI, address is 000e.831d.ce80 (bia 000e.831d.ce80)
Internet address is 20.20.20.254/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:06:10, output 00:01:46, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 47
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
27 packets input, 2538 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
8324 packets output, 748820 bytes, 0 underruns
2 output errors, 0 interface resets
0 output buffer failures, 0 output buffers swapped out


Now let verify if HOSTS in vlan 10 are able to ping HOSTS in vlan 20.

HostA_R3_2801#ping 20.20.20.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
HostA_R3_2801#ping 20.20.20.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)


Nothing is working - what is the problem?

The default gateway must be setup on all hosts.
Remember my hosts are routers that I am simulated as PC-

The default gateway for each vlan is the int vlan configured in L3 switch.

HostA_R3_2801#conf t
Enter configuration commands, one per line. End with CNTL/Z.
HostA_R3_2801(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.254
HostA_R3_2801(config)#^Z
HostA_R3_2801#
access_server#2
[Resuming connection 2 to r4 ... ]

HostB_r4_3640#cof t nf t
Enter configuration commands, one per line. End with CNTL/Z.
HostB_r4_3640(config)#ip route 0.0.0.0 0.0.0.0 20.20.20.254
HostB_r4_3640(config)#^Z
HostB_r4_3640#wr
Building configuration...

access_server#3
[Resuming connection 3 to r5 ... ]
[OK]
HostC_R5_3640#
HostC_R5_3640#conf t
Enter configuration commands, one per line. End with CNTL/Z.
HostC_R5_3640(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.254
HostC_R5_3640(config)#^Z
HostC_R5_3640#wr
Building configuration...

access_server#4
[Resuming connection 4 to r6 ... ]

*Mar 21 06:
HostD_R6_3640#conf t
Enter configuration commands, one per line. End with CNTL/Z.
HostD_R6_3640(config)#ip route 0.0.0.0 0.0.0.0 20.20.20.254
HostD_R6_3640(config)#^Z
HostD_R6_3640#wr
Building configuration...


Now is the moment of truth-
Intervlan communication
let ping hosts in different vlan


HostA_R3_2801#ping 20.20.20.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.2, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/2/4 ms
HostA_R3_2801#ping 20.20.20.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
HostA_R3_2801#
access_server#
[Resuming connection 1 to r3cme ... ]

HostA_R3_2801#ping 20.20.20.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms
HostA_R3_2801#ping 20.20.20.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
HostA_R3_2801#
access_server#4
[Resuming connection 4 to r6 ... ]

HostD_R6_3640#ping 20.20.20.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
HostD_R6_3640#ping 20.20.20.1 10.10.10.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
HostD_R6_3640#ping 10.10.10.1 2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/4 ms
HostD_R6_3640#ping 10.10.10.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
HostD_R6_3640#

Intervlan Communication - Answer part 1

Create Vlans and assigning interfaces to Vlan

SW2950_A#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2950_A(config)#vlan 10
SW2950_A(config-vlan)#name ACCOUNTING
SW2950_A(config-vlan)#exit
SW2950_A(config)#vlan 20
SW2950_A(config-vlan)#name SALES
SW2950_A(config-vlan)#exit
SW2950_A(config)#int fa0/13
SW2950_A(config-if)#desc HOST A
SW2950_A(config-if)#sw mode acc
SW2950_A(config-if)#sw acc vlan 10
SW2950_A(config-if)#int fa0/14
SW2950_A(config-if)#desc HOST B
SW2950_A(config-if)#sw mode acc
SW2950_A(config-if)#sw acc vlan 20
SW2950_A(config-if)#^Z

Because of all of the switches are in the same VTP domain,
vlans created in SW_A will show up in SW_B and SW_C

SW12_B>en
Password:
SW12_B#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW12_B(config)#exit
SW12_B#sh vlan brief
5d01h: %SYS-5-CONFIG_I: Configured from console by console

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Gi0/1, Gi0/2
10 ACCOUNTING active
20 SALES active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup

SW12_B#sh vtp status
VTP Version : 2
Configuration Revision : 31
Maximum VLANs supported locally : 250
Number of existing VLANs : 7
VTP Operating Mode : Server
VTP Domain Name : CCNP
VTP Pruning Mode : Enabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0xAB 0x67 0x8C 0xDD 0x95 0x8D 0x0F 0xEA
Configuration last modified by 192.168.1.202 at 3-6-93 01:48:40
Local updater ID is 192.168.1.203 on interface Vl1 (lowest numbered VLAN interface found)


I am going to put HOST C and D in vlan 10 and 20 respectively.

SW12_B(config)#
5d01h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to up
SW12_B(config)#int fa0/3
SW12_B(config-if)#desc HOST C
SW12_B(config-if)#sw mode acc
SW12_B(config-if)#sw acc vlan 10
SW12_B(config-if)#int fa0/4
SW12_B(config-if)#desc HOST D
SW12_B(config-if)#sw mode acc
SW12_B(config-if)#sw acc vlan 20


Now I am going to test pinging all HOSTS

From HOST A, I am going to ping HOST C
(HOST A and C are in the same vlan 10 - I should be able to ping it)
HostA_R3_2801#ping 10.10.10.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms


From HOST B, I am going to ping HOST D
HOST B and D are in the same vlan 20 - I should be able to ping it)


HostB_r4_3640#ping 20.20.20.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

HOSTS IN VLAN 10 ARE NOT ABLE TO PING HOSTS IN VLAN 20

HostB_r4_3640#ping 10.10.10.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Intervlan communication and dual vlan - home lab

Route to CCNP
I am "in" with the BCMSN training. The Network top above is my home work for this weekend.

I can going to post my conf on sunday.

Configure DUAL ISP BACKUP CONNECTION WITH CISCO ASA

Source : http://www.goarticles.com/cgi-bin/showa.cgi?C=1446826

In this article I will explain how to configure a Cisco ASA 5505 firewall to connect to dual ISPs for redundancy purposes. Suppose that we have a primary high-speed ISP connection, and a cheaper DSL line connected to a Secondary ISP. Normally all of our traffic should flow through the primary ISP. If the primary link fails, the secondary DSL connection should be utilized for Internet access. Please note that the above scenario is valid only for Outbound traffic (i.e. from our internal network towards the Internet). The functionality that I will describe below works for ASA 5505 version 7.2(1) and above.


Assume that we are assigned a static Public IP address of 100.100.100.1 from Primary ISP and another static Public IP address of 200.200.200.1 from our Backup ISP. We will use Ethernet 0/0 for connecting to Primary ISP, Ethernet 0/1 for connecting to our Internal LAN, and Ethernet 0/2 for connecting to our Backup ISP. We will create three VLANs to support our configuration. VLAN1 (the default Vlan) will be assigned to Ethernet 0/1 (inside), VLAN2 will be assigned to Ethernet 0/0 (primary-isp) and VLAN3 will be assigned to Ethernet 0/2 (backup-isp). We also have to configure two static default routes pointing to the ISP gateway address. The primary ISP default route shall have a metric of 1 and the backup ISP default route shall have a metric bigger than 1 (let's say 2). Let us see the configuration below:



ASA5505(config)# interface ethernet 0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shutdown



ASA5505(config)# interface ethernet 0/1
ASA5505(config-if)# switchport access vlan 1
ASA5505(config-if)# no shutdown



ASA5505(config)# interface ethernet 0/2
ASA5505(config-if)# switchport access vlan 3
ASA5505(config-if)# no shutdown



ASA5505(config)# interface vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0
ASA5505(config-if)# no shutdown



ASA5505(config)# interface vlan 2
ASA5505(config-if)# nameif primary-isp
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address 100.100.100.1 255.255.255.0
ASA5505(config-if)# backup interface vlan 3
ASA5505(config-if)# no shutdown



ASA5505(config)# interface vlan 3
ASA5505(config-if)# nameif backup-isp
ASA5505(config-if)# security-level 1
ASA5505(config-if)# ip address 200.200.200.1 255.255.255.0
ASA5505(config-if)# no shutdown



ASA5505(config)# route primary-isp 0.0.0.0 0.0.0.0 100.100.100.2 1
ASA5505(config)# route backup-isp 0.0.0.0 0.0.0.0 200.200.200.2 2



DOWNLOAD the best step-by-step configuration tutorial for any Cisco ASA 5500 Firewall model Here.