I have an asa 5520 that I'd like to be able to load balance 2 internet providers on. I've been playing around with a possible config. interface GigabitEthernet0/0 nameif outside security-level 0 ip address 22.214.171.124 255.255.255.0 ! interface GigabitEthernet0/1 nameif dmz security-level 50 ip address 192.168.0.1 255.255.255.0 ! interface GigabitEthernet0/2 nameif outside2 security-level 0 ip address 126.96.36.199 255.255.255.0 ! interface GigabitEthernet0/3 description LAN Failover Interface ! interface Management0/0 nameif inside security-level 100 ip address 192.168.6.2 255.255.255.0 ! ! global (outside) 1 interface global (dmz) 1 interface global (outside2) 2 interface global (inside) 1 interface nat (dmz) 0 access-list dmz_nat0_outbound nat (dmz) 1 192.168.0.0 255.255.255.0 nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 192.168.0.0 255.255.0.0 nat (inside) 2 192.168.0.0 255.255.0.0 static (dmz,outside) 188.8.131.52 192.168.0.2 netmask 255.255.255.255 static (dmz,outside2) 184.108.40.206 192.168.0.2 netmask 255.255.255.255 static (dmz,inside) 220.127.116.11 192.168.0.2 netmask 255.255.255.255 ! ! ! route outside 0.0.0.0 0.0.0.0 18.104.22.168 route outside 0.0.0.0 0.0.0.0 22.214.171.124 The actual nat'ng is giving me trouble. The "global (outside2) 2 interface" command (I believe) creates another global pool on the 2nd WAN subnet but the "nat (inside) 2 192.168.0.0 255.255.0.0" command is not valid. Is there any way make the outbound traffic nat to both WAN subnets? I am also unsure how the ASA will react to having 2 default routes. Thanks
This question has been asked many times in this forum.
You are correct - the ASA does not support two default routes out diff. interfaces.
It cannot do load balancing either. ASA does not support PBR (policy based routing)
The outside router should connect to both the ISPs and load balance based on PBR.
You can translate some traffic based on ISP1 provided IP scheme and translate others based on IPS2 provided ISP scheme and have the router look at the source address and send them out the two diff. ISPs based on the source address.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...