I am trying to configure an ASA 5520 with AIP to have the DMZ use one internet provider and the regular internet users use another. Can it be done? The internet users are behind the 5520 on another ASA 5520 running the CSC module. I have the second ASA addressed as 172.16.10.2 on the outside, and the first ASA 172.16.10.1 on the inside and translating that traffic to the internet via G0/0. The DMZ is setup on G0/2 with static translations and ACL to go out G0/1. So far only internet works for the inside and dmz, but I cant connect to the external sites on the DMZ, nor ping anything on it with the allow icmp all in the acl. I ran a debug and I see the packets hitting and getting translated, but no outgoing traffic. Is there a way to have traffic from one interface use one outside int3erface, and traffic from the other use the other outside interface?