Multiple WAN on ASA5510

Unanswered Question
Aug 31st, 2008

I have an ASA5510 that is configured with site-to-site VPN (4 sites), static and dynamic NAT.

I've configured a second WAN interface (outside2) to a new DSL circuit to split out traffic for: a) VPN and b) all other services.

I've enabled dynamic NAT on the new WAN, made it my default route and disabled dynamic NAT on the old WAN (outside1).

All the services on the new WAN circuit work fine.

BUT - my traffic is not routing properly now that the old WAN is not the default route.

Any ideas as to where I've gone wrong?

Marwan ALshawi Sun, 08/31/2008 - 04:12

First of all, the ASA firewall is not like a router: it is not able to do PBR (policy-based routing) or load balancing on two WAN interfaces. However, you can make them work as primary and backup.

In your config, I think you need to do the following to make all the routes go through outside1; in case outside1 is down, the route will go to outside2.

For example:

route outside1 [next hop ip or interface]

Then increase the route metric on the second default route to make the first one the preferred:

route outside2 [next hop ip or interface]

For more details, see the following link; it will be useful for your case.

Good luck.

Please rate if helpful.

Steve Babcock Sun, 08/31/2008 - 05:29

I thought that this was a static route issue of some sort. Just need to point the VPN traffic onto the right interface.

Could OSPF help in this instance?

Steve Babcock Sun, 08/31/2008 - 07:05

Will purchasing a Cisco ASA 5510 Security Plus license allow me to load balance?

