Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1714
Views
0
Helpful
5
Replies

ASA with two default gateways

zac192000
Level 1
Level 1

‎02-27-2012 07:05 AM - edited ‎03-11-2019 03:35 PM

I am actually going to setup my ASA 5505 with two different outside ISPs such that half of inside lan networks will be natted into 1 ISP and other half of the inside lan networks will be natted into other ISP ,so this means

1.1.1.1/24  is our one ISP

2.2.2.2/24 is our second ISP

192.168.1.0/24 is our inside lan

Now i want 192.168.1.2-192.168.1.125 to be natted to one ISP

and 192.168.1.126-192.168.1.254 to be natted into second ISP

1hile default gateway is same i.e 192.168.1.1

so,it will be something like this

global (outside1) 1 interface

global (outside2) 2 interface

nat (inside) 1 192.168.1.1 255.255.255.128

nat (inside) 2 192.168.1.128 255.255.255.128

and then i have

route ISP1 0.0.0.0 0.0.0.0 1

route ISP2 0.0.0.0 0.0.0.0 2

Will this work that way?

Labels:
Preview file
29 KB
0 Helpful
5 Replies 5

rizwanr74
Level 7
Level 7

‎02-27-2012 07:42 AM

I see no problem on your setup, as long as you maintain same mask on the inside network.

nat (inside) 1 192.168.1.0 255.255.255.128

nat (inside) 2 192.168.1.128 255.255.255.128

0 Helpful

Patrick0711
Level 3
Level 3

‎02-27-2012 08:51 AM

route ISP1 0.0.0.0 0.0.0.0 1

route ISP2 0.0.0.0 0.0.0.0 2

You need a gateway IP address specified for each route statement.  Additionally, the bold numbers are administrative distance metrics and don't correlate to the NAT/Global configuration.

The route with the metric of 1 will always be used.  You would need to specify different destinations in the route statements for traffic to be routed across the second ISP link. 

Multiple default routes can only be used for backup ISP configurations where you would configure a SLA monitor, a track that references the monitor, and a route that references the track.

0 Helpful

zac192000
Level 1
Level 1
In response to Patrick0711

‎02-27-2012 01:48 PM

So can we do active/active load balancing or not for our both ISPs?

Sent from Cisco Technical Support iPad App

0 Helpful

Patrick0711
Level 3
Level 3

‎02-28-2012 06:04 AM

Not without a separate load balancer device.  Your only option for multiple gateways is a primary/backup config usin sla monitor and track configurations.

0 Helpful

John Peterson
Level 1
Level 1
In response to Patrick0711

‎03-20-2012 01:43 PM

Hi, is this still not possible with route-maps to point traffic to a different ISP based on source.

I guess the ASA is not able to have two default routes, but if you have the second ISP as a high AD, could you then nat certain sourse addresses to the second ISP?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card