05-16-2010 05:45 PM - edited 03-11-2019 10:46 AM
Question:
We are in the process of migrating our ISP from two Sprint T1s to a 20Mb Fiber based connection. I have a new front end router(2911) that will be in front of the ASA, and I have an empty interface on the ASA. Can I use both connections concurrently? I'm not trying to load balance or anything like that, and the new interface will have a new class C addresses. I want to be able to continue to use the T1s while I can slowly move services over to the new ISP and new interface on the ASA, and then eventually retire the original Outside interface for the T1s.
Is this possible? I figured that if I assign the interface the IP, setup the ACLs, and NATs, it would work, but I know that my default route, 0.0.0.0 is pointing to the IP of my router for my T1s.
Thanks in advance.
05-16-2010 06:10 PM
Unfortunately you can not have 2 default gateways concurrently pointing out from 2 different ASA interfaces. ASA is a stateful firewall, hence all traffic inbound and outbound should be symmetric, therefore, it can't have 2 default gateways pointing towards 2 different ASA interfaces.
Hope that answers your question.
05-16-2010 06:33 PM
So would the suggestion to be make an all-in-one switch to the new ISP and public addresses?
05-16-2010 06:42 PM
Absolutely.. either L3 switch or router is capable of routing via different link.
I assume that your public range is already currently assigned to the current ASA outside interface, right?
05-16-2010 07:03 PM
Yes I have IPs on my original Outside interface, and I will have a new
class C on this new interface.
On May 16, 2010, at 9:43 PM, "halijenn"
05-16-2010 07:16 PM
Assuming that after configuring the new interface with the new IP, you will be moving the default gateway on the ASA from the existing outside, to the new interface, right?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: