ASA behind Cisco router

Unanswered Question
Apr 19th, 2007

I have a customer who is adding a second internet T1. The ISP delivers the Internet as ethernet via their CSU/DSU. It seems the ASA cannot load balance two outside interfaces so I seem to have to add a router between the ASA and both ISP connections. Can I just do a 1:1 NAT from the 831 and ASA (their interfaces to each other being on a seperate subnet). This client does run VPN and have inbound translations, which I assume I would just change on the ASA to accept from the router, with the router accepting all traffic. Any advice?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
richardsav Sat, 04/28/2007 - 11:43

Hi, i have a similar setup at a couple of sites. i use an edge router with X2 leased lines. i run a subnet between the asa outside and the e0 on the router. NAT on the router with statics for in bound services on what ever int the applicable traffic arrives on on the router; also have ipsec traffic coming in. I then use PBR for outband traffic.


This Discussion