cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
535
Views
0
Helpful
6
Replies

(TWO OUTSIDE INTERFACES) ONE FOR A HOST AND OTHER FOR OTHERS HOSTS

leandro.candido
Level 1
Level 1

Hi all,

I have a ASA 5510 with 2 interfaces outside that 2 internet links are connected it.

I need to do that a host in inside netwok goes out by a interface outise and others host goes out by other interface.

Someone know how can I to do this?

6 Replies 6

r.malviya
Level 1
Level 1

Hi ,

Please Update with more details wat exactly you want ..

1) You want policy based routing ( which not possible in asa)

2) You have inside network (10.10.10.0/24) & you have 2 differnet subnet which is connected to 2 different internet pipes , Your target if request is coming for the 1st network then its will move to 1st internet link & if request is coming for another subnet then it move to another internet link .which can be possible through Policy nat .

please update with details .

Regards

Ritesh Malviya

Malviya,

I beleave that PBR could solve this problem, but is not supported in ASA.

I have two internet links main and secondary (2 outside interfaces) and 1 inside interface.

I need to permit that a only host goes out by a of secondary internet link, while all others host goes out by the main link.

The subnet is the same.

roshan.maskey
Level 1
Level 1

Hi,

This is possible only if all your inside network goes by doing PolicyNAT.

Lets consider the following.

interface outsideA: ip= A.A.A.A

interface outsideB: ip= B.B.B.B

interface insideH. ip=H.H.H.1

Your two hosts:

H.H.H.A and H.H.H.B

Note: This configuration only works if your inside host uses your outside interface IP for internet access.

Commands:

access-list internetA extended permit ip host H.H.H.A any

access-list internetB extended permit ip host H.H.H.B any

global (outsideA) 2 interface

gloabl (outsideB) 3 interface

nat (inside) 2 access-list internetA

nat (inside) 3 access-list internetB

Hi maskey,

I did what you suggest, but because I have two link I wasn't able to configure a default route for each link.

route internetA 0.0.0.0 0.0.0.0 x.x.x.x

route internetB 0.0.0.0 0.0.0.0 y.y.y.y

Someone know how can I configure two defaults routes in ASA?

Thanks

Hi,

The default routing pointing to internet should be like this:

Assuming your two outside interfaces are named:

outsideA

outsideB

the default route to internet should be:

route outsideA 0.0.0.0 0.0.0.0 x.x.x.x

route outsideB 0.0.0.0 0.0.0.0 y.y.y.y

Test the connection using packet tracer

source IP: H.H.H.A

src port: 2000

protocol: tcp

dest public IP: P.P.P.P

dst port: 80

Review the packet tracer output closely

repeat with inside ip: H.H.H.B

Roshan, did you get this working, trying to setup the same configuration (Two ISP's)

If so how did the routeing work ?

Thanks in Advance !

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: