Cisco Support Community

New Member

ASA 5510 with two internet connections

Hi,

I am planning to use an ASA 5510 for the following scenario:

1) two security-zones: one for office, one for exposed services such as mail-relay etc. (dmz)

2) one leased line/frame-relay routed via CISCO 2600 is connected to the outside interface of ASA; from within the dmz a set of private IPs will be NATed to official IPs

This already works fine if the default route is set to the CISCO router (172.20.78.1) - so I can access a web-server inside the dmz from outside.

3) Another ADSL-line (dynamic IP) should be used for normal browsing from office security-zone.

Interface PAT is working fine if the default gateway is set to the ADSL-router (172.16.3.1).

My question is now: how can I get both working? Meaning using ADSL from the office-zone and leased-line for dmz/exposed services?

Thanks

/bjoern

4 REPLIES
Cisco Employee

Re: ASA 5510 with two internet connections

ASA is not a load balancer, so if you are looking to have 2 default gateways working simultaneously, this is not possible.

Are you trying to access the Internet from both lines at the same time? If yes, then probably policy-based routing or load balancing on a router would be a better choice.

New Member

Re: ASA 5510 with two internet connections

Thanks for your reply.

In fact, I don't want to do load balancing.

One interface (having a subnet of official IPs) should be used for exposed services (private IPs on DMZ are NATed statically).

The other connection should be used for browsing from the office-zone. This is an ADSL connection, which has a dynamic IP (doing PAT).

Does ASA support policy-based routing? Does it mean that I can specify, based on the source (so dmz- or office-zone), to which outside-interface traffic is routed?

Thanks

/bjoern

Cisco Employee

Re: ASA 5510 with two internet connections

Two default gateways at the same time will not work in ASA. PBR is not possible on ASA :-(

However, as a workaround, if you are ready to spend on a simple 1700 series router, then you can point the entire default gateway traffic to the router, and the router may then be configured for PBR.

New Member

Re: ASA 5510 with two internet connections

Thanks for your update!

I have seen that route-maps are supported on ASA, but it looks like it does not support all features needed (feature-set on a router is much more complex).

So there is no way to just have a default route pointing to my leased-line router (having the static IPs) and a host-route which just routes the traffic (which comes from office-zone and therefore is PATed to be sent out via ADSL) to the IP of the ADSL-router (which will be only used for browsing, no exposed services)?

Thanks

/bjoern
