I'm making a lab to provide two Internet connections to my network environment. Topology and configuration files are attached. Let me try to explain:
- I have two ISP connections with their respective CIDRs (IP address blocks);
- I won't allocate a public AS;
- My connections must provide traffic from inside to outside (users navigating the Internet) and vice versa (servers in a DMZ).
My routers are both configured with HSRP (two groups). The A router is primary for one address and the B router is primary for the other one. I put two default routes on the ASA pointing to the two VIPs.
On my DMZ, I have one FTP server. The ASA is configured with NAT control enabled. So, I created a static NAT to permit external users to connect to this server. Access control has already been configured.
I'm facing a problem. Even with the ASA having two default routes, it insists on using only one. My tests showed me that it was using only one of the two VIPs. Plus, I'll provide VPN access on this same ASA box.
So, I'm asking you to help me find a configuration for this environment so I can provide traffic both from and to the Internet, as well as VPN.