I've seen some posts where the following scenario is working and most other posts that state that the following scenario cannot be accomplished on an ASA 5510.
We have an ISP that is pushing out two separate public IP ranges, and we are to implement an ASA 5510. The setup will be:
ISP --> Cisco 2800 --> ASA 5510 --> Internal network.
The Cisco 2800 has three interfaces:
ip route 0.0.0.0 18.104.22.168
We want the ASA to be set up as follows:
e0 outside 22.214.171.124/28
e1 outside2 126.96.36.199/29
e3 inside 192.168.0.0/16
The caveats are that both public ranges must be active at the same time. The public addresses have web servers attached to them. We also cannot use multiple security contexts (virtual firewalls) on this ASA because we want it to negotiate remote user VPN connections.
The problem that I have run into is that traffic will not respond on one range while the default route (EIGRP or static) is set to one interface or another.
Can this be done? If so, how? I've looked at doing a default route on multiple tracks, and that didn't do the trick.
Right. This cannot be done. The only way I can think of is policy-based routing on the upstream router to use both ISPs (based on source IP address) and have the ASA translate them to two different blocks of IPs based on different interfaces.
ASA inside - 192.168.x.x
ASA dmz - 10.10.10.x (ASA will translate these to Z.Z.Z.Z)
ASA outside - y.y.y.y
The router on the outside, if it sees a packet with z.z.z.z, will send it via interface-1, and if it sees packets with source IP y.y.y.y, will send it out via interface-2.
Would this work for you?
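
The source-based policy routing suggested in the reply above, sketched as IOS configuration for the upstream router. This is an added example, not configuration from either poster; the addresses are documentation ranges standing in for the y.y.y.y and z.z.z.z blocks, and the interface name, route-map name and next-hop addresses are assumptions.

```cisco
! Constructed example. All addresses are placeholders, not the thread's.
! 198.51.100.0/29 stands in for the z.z.z.z block (ASA dmz translations)
! 203.0.113.0/28  stands in for the y.y.y.y block (ASA outside translations)
!
! Classify traffic by the translated source address it arrives with
access-list 101 permit ip 198.51.100.0 0.0.0.7 any
access-list 102 permit ip 203.0.113.0 0.0.0.15 any
!
! Sources in the z block leave via the first upstream next hop (assumed)
route-map SRC-BASED permit 10
 match ip address 101
 set ip next-hop 192.0.2.1
!
! Sources in the y block leave via the second upstream next hop (assumed)
route-map SRC-BASED permit 20
 match ip address 102
 set ip next-hop 192.0.2.5
!
! Apply the policy on the router interface that faces the ASA (assumed name)
interface FastEthernet0/1
 ip policy route-map SRC-BASED
```

Packets that match neither clause fall through to the normal routing table; `show route-map SRC-BASED` shows per-clause match counters for checking that both blocks are being classified.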