ASA dua ISP

Unanswered Question
May 22nd, 2007
User Badges:

Hy

I've installed an asa 5510 7.2.2

with dual interface outside.

The default route is on first ISP interface with track on secondary link

I've this necessity for the outgoing traffic:

All traffic except smtp exit from default route; smtp traffic must be exit from secondary isp.

In asa is possible use a policy routing?

If yes how is possible to do?

Thanks and regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mchin345 Mon, 05/28/2007 - 11:27
User Badges:
  • Silver, 250 points or more

ASA with 7.2(1) or later having the feature redundancy or backup. Outgoing traffic uses the primary Internet service provider (ISP) and then the secondary ISP, if the primary fails.


Use the static route tracking feature on the Security Appliance in order to enable the device to use redundant or backup Internet connections. This feature enables the Security Appliance to continuously query and monitor a remote device/IP address on the Internet Control Message Protocol (ICMP) echo, which in this case is a remote default gateway for ISP. If ICMP monitoring detects that the device is down, then a backup route works instead.


Refer this link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

ggozzi Mon, 05/28/2007 - 23:59
User Badges:

I've no problem with the backup route it works fine.

My proble is:

For mail purpose I've to use the backup route

I ask if it's possible make a policy routing for the smtp protocol instead of a static route for the mail server.

In attachment you find part of configuration



Attachment: 

Actions

This Discussion