I have an ASA 5520. I have 4 GE ports. Port 0 is the Outside interface (connected to a T1 with VPN tunnels to remote sites), Port 1 is inside, Port 2 is a VPN tunnel to our disaster recovery site, and Port 3 is open (connected to a FIOS line). What I am trying to do is to get all Internet traffic to use Port 3. However, it wants to use the outside interface all the time. I have to keep the outside interface up and running, and so far when I try to make Port 3 the port for Internet access, I lose connectivity to our remote sites via the T1 on Port 0. How can I direct just port 80 and 443 traffic to use Port 3 on the ASA?
It is this hack that I mentioned not to use. This static gets into the xlate table and pretty much tells the firewall that all addresses live on the OUT_3 interface.
For example when the IPS device issues a "shun x.x.x.x" or a shun is issued from the ASA CLI for any address (including the inside subnets for which static routes exist) it gets sent out the OUT_3 interface even if you intend for it to go out the other interfaces due to this.
Please use a layer 3 device upstream and use PBR.
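As an added illustration of the design the reply recommends (not configuration from the thread or from Cisco), the following is a policy-based routing fragment for a Cisco IOS router placed on the inside of the ASA. All addresses are assumptions: 10.0.0.0/16 is the local LAN, 172.16.0.0/16 and 172.17.0.0/16 stand in for the remote-site and DR subnets reached through the ASA's VPN tunnels, and 192.0.2.1 is the assumed next hop toward the FIOS line. Only TCP 80 and 443 bound for the Internet are steered to the FIOS path; traffic to the VPN subnets is denied by the access list, so the route-map clause does not match it and it follows the normal routing table toward the ASA and the T1.

```cisco
! Added example: PBR on an upstream layer 3 device, not on the ASA itself.
! Addresses are placeholders chosen for this example.
!
! Deny the tunnel destinations first so they are NEVER policy-routed and keep
! using the T1/ASA path. A deny in a route-map ACL means "no match", which
! falls through to the ordinary routing table rather than dropping the packet.
ip access-list extended WEB-TO-FIOS
 deny   ip any 172.16.0.0 0.0.255.255
 deny   ip any 172.17.0.0 0.0.255.255
 permit tcp 10.0.0.0 0.0.255.255 any eq 80
 permit tcp 10.0.0.0 0.0.255.255 any eq 443
!
! Only packets permitted by WEB-TO-FIOS get the FIOS next hop.
route-map PBR-WEB permit 10
 match ip address WEB-TO-FIOS
 set ip next-hop 192.0.2.1
!
! Apply the policy on the LAN-facing interface (ingress direction).
interface GigabitEthernet0/0
 description LAN facing, PBR for web traffic
 ip address 10.0.1.1 255.255.255.0
 ip policy route-map PBR-WEB
!
! Everything not matched above follows the static default toward the ASA.
ip route 0.0.0.0 0.0.0.0 10.0.1.2
```

The important property here is that the decision is made by destination and protocol on a device that still holds a normal routing table, instead of by a blanket static on the ASA that claims every address for one interface. Verify with `show route-map PBR-WEB` (the match counters should increment only for web traffic) and confirm with a traceroute to a remote-site host that it still leaves via the ASA and the T1.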