ASA 5510 with two internet connections

bjoerndaehn
Level 1

Hi,

I am planning to use an ASA 5510 for the following scenario:

1) two security-zones: one for office, one for exposed services such as mail-relay etc. (dmz)

2) one leased line/frame-relay routed via CISCO 2600 is connected to the outside interface of ASA; from within the dmz a set of private IPs will be NATed to official IPs

This already works fine if the default route is set to the CISCO router (172.20.78.1) - so I can access a web-server inside the dmz from outside.

3) Another ADSL-line (dynamic IP) should be used for normal browsing from office security-zone.

Interface PAT is working fine if the default gateway is set to the ADSL-router (172.16.3.1).

My question now is: how can I get both working? Meaning using ADSL from the office-zone and leased-line for dmz/exposed services?

Thanks

/bjoern

4 Replies

abinjola
Cisco Employee

ASA is not a load balancer... so if you are looking to have 2 default gateways working simultaneously... this is not possible.

Are you trying to access the Internet from both lines at the same time? If yes, then probably policy based routing or load balancing on the router would be a better choice...

Thanks for your reply.

In fact, I don't want to do load balancing.

One interface (having a subnet of official IPs) should be used for exposed services (private IPs on DMZ are NATed statically).

The other connection should be used for browsing from the office-zone. This is an ADSL connection, which has a dynamic IP (doing PAT).

Does ASA support policy-based routing? Does it mean that I can specify, based on the source (so dmz- or office-zone), to which outside-interface traffic is routed?

Thanks

/bjoern

Two default gateways at the same time will not work in ASA... PBR is not possible on ASA :-(

However, as a workaround, if you're ready to spend for a simple 1700 series router, then you can point the entire default gateway traffic to the router, and then the router may be configured for the PBR.

Thanks for your update!

I have seen that route-maps are supported on ASA, but it looks like it does not support all features needed (feature-set on a router is much more complex).

So there is no way to just have a default route pointing to my leased-line router (having the static IPs) and a host-route which just routes the traffic (which comes from office-zone and therefore is PATed to be sent out via ADSL) to the IP of the ADSL-router (which will be only used for browsing, no exposed services)?

Thanks

/bjoern
