ASA dua ISP

ggozzi · ‎05-22-2007

Hy

I've installed an asa 5510 7.2.2

with dual interface outside.

The default route is on first ISP interface with track on secondary link

I've this necessity for the outgoing traffic:

All traffic except smtp exit from default route; smtp traffic must be exit from secondary isp.

In asa is possible use a policy routing?

If yes how is possible to do?

Thanks and regards

mchin345 · ‎05-28-2007

ASA with 7.2(1) or later having the feature redundancy or backup. Outgoing traffic uses the primary Internet service provider (ISP) and then the secondary ISP, if the primary fails.

Use the static route tracking feature on the Security Appliance in order to enable the device to use redundant or backup Internet connections. This feature enables the Security Appliance to continuously query and monitor a remote device/IP address on the Internet Control Message Protocol (ICMP) echo, which in this case is a remote default gateway for ISP. If ICMP monitoring detects that the device is down, then a backup route works instead.

Refer this link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

ggozzi · ‎05-28-2007

I've no problem with the backup route it works fine.

My proble is:

For mail purpose I've to use the backup route

I ask if it's possible make a policy routing for the smtp protocol instead of a static route for the mail server.

In attachment you find part of configuration