ASA 5520 with two ISP?s. Question I want to use both for services insideDMZ

Unanswered Question
May 29th, 2007

Hi folks, I want to use two ISP?s (Internet_1 and Inernet_2)both I had valid IP?s. I configured the NAT as following:

Real IP :

NAT (Internet_1):

Real IP :

NAT (Internet_2):

All my network uses the interface IP of Internet_1 for access Internet (NAT_access_Internet)and my Default gateway is from Internet_1. The problem is with NAT on Internet_2. The NAT to my DMZ works but when the packet reply to the host in Global Internet it uses the Internet_1 and my connection drop. (see file)



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
cpembleton Tue, 05/29/2007 - 12:15

Not possible for dynamic connections. If you only had certain IP's it was communicating with you could do it with static routes. Otherwise your default route will be used.

What does your outside Interfaces connect to? If you had a router there you could use policy based routing to NAT/PAT and set the default route to either interface based on what IP it came from.

or you could just use one as a backup link.



ronaldo.melo Wed, 05/30/2007 - 05:36

Hi Chad,

You are right. I will try do the first option at the Router of Internet.




This Discussion