ASA 5505 Routing

Oct 5th, 2009

Hi, I have a Cisco ASA 5505, and we have one ADSL internet connection and 1 leased line to the internet. I would like to connect both of these circuits to the ASA and also have a DMZ VLAN. The inside LAN address will be directly connected to a Microsoft EBS security server which is also connected to the LAN. Is it possible to set this up and route all web browsing traffic out the ADSL and SMTP, VPN, HTTP traffic through the leased line? Can someone help and tell me how I should configure the firewall? Thanks

Jon Marshall Mon, 10/05/2009 - 09:41


What you need is PBR (Policy Based Routing), which allows you to specify the next hop or outgoing interface based on the traffic type. Unfortunately the ASA does not support PBR; for this you would need a router running the firewall feature set.

Edit - actually, rereading your requirements, it may be possible. If you want to use the ADSL for all internet browsing from internal clients then you could set the default-route on the ASA to be the ADSL next-hop.

If all the traffic via the leased line, i.e. HTTP and SMTP, is for incoming traffic, i.e. you are hosting web servers/mail servers, then you can simply present these servers with an IP out of the leased line range if you have spare, or the leased line interface IP address on your ASA.


