Re: ASA5520 with Two ISP's

cowetacoit · ‎04-25-2008

I have an ASA5520. It's been running fine with my one ISP, about 3 one to one NAT's and PAT to one outside IP. My question is, i recently added a second ISP that is going to used for one subnet on my LAN. What i did is treated that one subnet just as all of my other subnets, pointed a static route from core switch to the ASA. I also added a static route for it back to the core switch. I created a PAT for that subnet to the new ISP IP address. Added the new IP to a new outside interface. When i try to get out to the internet on a PC, i can't. When i debug the ASA it gives a PORTMAP TRANSLATION CREATION FAILED FOR (protocol, src ip and dest ip). Any suggestions? Is this a bug or am i just missing something?

ajuma · ‎04-29-2008

I imagine it's due to having your default route on one interface, but you're translating out the other interface. Not 100% positive though.

farkascsgy · ‎04-30-2008

Hello,

As I know ASA supports only one ISP at the same time, you can have a backup Internet line and in case of the failure of the first one it falls back to the backup. You should configure route tracking.

Please rate me if I helped.

bye

FCS

kapish.mohole · ‎04-30-2008

Are you trying to load balance on both ISPs, and are they directly connected on your ASA?

Please put here the configuration.

Regards

farkascsgy · ‎05-01-2008

Please see the below article about dual ISP, this is the way how ASA can handle Dual ISP..

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

bye

FCS

Please rate me if I helped

cowetacoit · ‎05-01-2008

Not trying to load balance. I have one subnet on my network that needs to go to ISO2 because they are PC's that the public access and ISP2 is a content filtered connection from the state. I need the PC's on my network to manage, but at the same time, go out ISP2. All other traffic go out ISP1.