I have an ASA 5505 with a T1 (outside, 18.104.22.168) as the primary route, then a DSL line (backup, 22.214.171.124) as secondary, all with LAN (inside, 192.168.1.1).
Right now it successfully injects the backup route if the outside goes down, then switches back over when the T1 comes back up. This is working fine.
My problem is that I have an Exchange Server (192.168.1.5, 192.168.1.6 secondary IP) living on the LAN and I need to be able to send/receive email traffic while the backup route is in place.
Another problem is that while I have multiple static IPs on the T1 side, I only have one on the DSL side.
I just created an access-list for the backup and put it in place. I'm going to show a couple of lines of the config. Could someone please tell me if I have it correct?
access-list mainacl extended permit tcp any host 126.96.36.199 eq smtp
access-list backupacl extended permit tcp any host 188.8.131.52 eq smtp
static (inside,outside) 184.108.40.206 192.168.1.5 netmask 255.255.255.255
static (inside,backup) tcp interface smtp 192.168.1.6 smtp netmask 255.255.255.255
access-group mainacl in interface outside
access-group backupacl in interface backup
This is a live ASA so I haven't tested it yet. But assuming the T1 (outside) goes down and the DSL (backup) becomes live, should the above ACL kick in and all should work?
If so then I can adjust our hosted mail security to use the failover, also.
Thanks for any help or tips
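
A consistency check for the configuration pattern in the post above, added here as an example and not part of the original post: in the pre-8.3 ASA syntax the post uses, the ACL bound to an interface has to permit the mapped address of each `static` on that interface, or `interface <name>` for interface PAT. The sample config, its documentation-range addresses, the `IFACE_IPS` table and the `check` function are constructed for illustration.

```python
import re

# Constructed sample config (pre-8.3 syntax, documentation addresses), not the poster's.
SAMPLE = """\
access-list mainacl extended permit tcp any host 198.51.100.10 eq smtp
access-list backupacl extended permit tcp any host 203.0.113.99 eq smtp
static (inside,outside) 198.51.100.10 192.168.1.5 netmask 255.255.255.255
static (inside,backup) tcp interface smtp 192.168.1.6 smtp netmask 255.255.255.255
access-group mainacl in interface outside
access-group backupacl in interface backup
"""
IFACE_IPS = {"outside": "198.51.100.2", "backup": "203.0.113.2"}  # assumed interface addresses

ACL = re.compile(r"access-list (\S+) extended permit (\S+) any (?:host (\S+)|interface (\S+))(?: eq (\S+))?")
STATIC = re.compile(r"static \((\S+),(\S+)\) (?:(tcp|udp) (\S+) (\S+)|(\S+)) (\S+)")
GROUP = re.compile(r"access-group (\S+) in interface (\S+)")

def check(config, iface_ips):
    """Return one finding per static whose mapped address no bound ACL entry permits."""
    acls, bound, statics = {}, {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := ACL.match(line):
            name, proto, host, ifname, port = m.groups()
            acls.setdefault(name, []).append((proto, host, ifname, port))
        elif m := STATIC.match(line):
            _, mapped_if, proto, m_ip, m_port, m_ip_plain, real = m.groups()
            statics.append((mapped_if, proto, m_ip or m_ip_plain, m_port, real))
        elif m := GROUP.match(line):
            bound[m.group(2)] = m.group(1)
    findings = []
    for mapped_if, proto, mapped, port, real in statics:
        # Pre-8.3: the ACL destination is the mapped (public) address, not the real one.
        want = iface_ips.get(mapped_if) if mapped == "interface" else mapped
        ok = False
        for a_proto, host, ifname, a_port in acls.get(bound.get(mapped_if), []):
            dest_ok = bool(host and host == want) or (mapped == "interface" and ifname == mapped_if)
            proto_ok = proto is None or a_proto in (proto, "ip")
            port_ok = port is None or a_port in (None, port)
            ok = ok or (dest_ok and proto_ok and port_ok)
        if not ok:
            detail = f" {proto}/{port}" if port else ""
            findings.append(f"{mapped_if}: no permit to {want} for {real}{detail}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(SAMPLE, IFACE_IPS)) or "all statics are covered")
```

In the constructed sample the backup ACL names a host address that is not the backup interface's own address, so the interface-PAT static is reported as unreachable.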