Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1161
Views
0
Helpful
5
Replies

Multiple default routes at Cisco ASA

Rizwan
Level 1
Level 1

‎09-02-2014 02:08 AM - edited ‎03-12-2019 06:07 PM

Hi, 

 

I have Cisco ASA 5515-X firewall with dual WAN connections. I have two default routes one for primary and one for backup with tracking feature enabled and PAT. When primary connection went down backup works with PAT. I also have two Public IP pools from both WAN links. I want to configure static NAT of my servers with  Public IP addresses from both WAN pools simultaneously. But static NAT is working with primary link only, is it due to default route? because ASA accept only one default route with single metric? Is there any solution to make static nat work from both links at a time?

Labels:
0 Helpful
5 Replies 5

Marius Gunnerud
VIP
VIP

‎09-02-2014 02:43 AM

But static NAT is working with primary link only, is it due to default route? because ASA accept only one default route with single metric?

Yes, this is the issue.

To my understanding there is no work around unless you are able to specify the destination subnets manually in your routing table.  then you could split it so that half go through one interface and the other half go through the second interface.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Rizwan
Level 1
Level 1
In response to Marius Gunnerud

‎09-02-2014 03:02 AM

I have following routes but only 1 can work at a time. Can you send me configuration how to add manual routes pointing to specific destinations ? 

route outside 0.0.0.0 0.0.0.0 202.x.x.x 1 track 1
route backup 0.0.0.0 0.0.0.0 125.x.x.x 254

0 Helpful

Marius Gunnerud
VIP
VIP
In response to Rizwan

‎09-02-2014 03:06 AM

it is just like the default route configuration except you dont use 0's but specify a specific subnet:

route backup 1.2.3.0 255.255.255.0 125.x.x.x

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Rizwan
Level 1
Level 1
In response to Marius Gunnerud

‎09-02-2014 03:48 AM

I want to send traffic to any destination from both interfaces. Is it possible?

0 Helpful

Marius Gunnerud
VIP
VIP
In response to Rizwan

‎09-02-2014 03:49 AM

That is not possible.  In that case you would be better off putting a router infront of the ASA to handle routing between the two ISP connections

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card