(TWO OUTSIDE INTERFACES) ONE FOR A HOST AND THE OTHER FOR OTHER HOSTS

Unanswered Question
Apr 13th, 2009

Hi all,

I have an ASA 5510 with 2 outside interfaces, and 2 internet links are connected to it.

I need one host in the inside network to go out by one outside interface and the other hosts to go out by the other interface.

Does anyone know how I can do this?

r.malviya Mon, 04/13/2009 - 11:33

Hi,

Please update with more details on what exactly you want.

1) You want policy-based routing (which is not possible on the ASA)

2) You have an inside network (10.10.10.0/24) and you have 2 different subnets which are connected to 2 different internet pipes. Your target: if a request is coming for the 1st network then it will move to the 1st internet link, and if a request is coming for the other subnet then it moves to the other internet link, which can be possible through policy NAT.

Please update with details.

Regards

Ritesh Malviya

leandro.candido Mon, 04/13/2009 - 11:58

Malviya,

I believe that PBR could solve this problem, but it is not supported on the ASA.

I have two internet links, main and secondary (2 outside interfaces), and 1 inside interface.

I need to permit only one host to go out by the secondary internet link, while all other hosts go out by the main link.

The subnet is the same.

roshan.maskey Mon, 04/13/2009 - 16:48

Hi,

This is possible only if all of your inside network goes out through policy NAT.

Let's consider the following.

interface outsideA: ip= A.A.A.A

interface outsideB: ip= B.B.B.B

interface insideH: ip= H.H.H.1

Your two hosts:

H.H.H.A and H.H.H.B

Note: This configuration only works if your inside host uses your outside interface IP for internet access.

Commands:

access-list internetA extended permit ip host H.H.H.A any

access-list internetB extended permit ip host H.H.H.B any

global (outsideA) 2 interface

global (outsideB) 3 interface

nat (inside) 2 access-list internetA

nat (inside) 3 access-list internetB

leandro.candido Mon, 04/13/2009 - 17:40

Hi maskey,

I did what you suggested, but because I have two links I wasn't able to configure a default route for each link.

route internetA 0.0.0.0 0.0.0.0 x.x.x.x

route internetB 0.0.0.0 0.0.0.0 y.y.y.y

Does anyone know how I can configure two default routes on the ASA?

Thanks

roshan.maskey Mon, 04/13/2009 - 20:45

Hi,

The default routing pointing to the internet should be like this:

Assuming your two outside interfaces are named:

outsideA

outsideB

The default route to the internet should be:

route outsideA 0.0.0.0 0.0.0.0 x.x.x.x

route outsideB 0.0.0.0 0.0.0.0 y.y.y.y

Test the connection using packet tracer:

source IP: H.H.H.A

src port: 2000

protocol: tcp

dest public IP: P.P.P.P

dst port: 80

Review the packet tracer output closely.

Repeat with inside IP: H.H.H.B
