Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Multiple default routes at Cisco ASA

Hi, 

 

I have Cisco ASA 5515-X firewall with dual WAN connections. I have two default routes one for primary and one for backup with tracking feature enabled and PAT. When primary connection went down backup works with PAT. I also have two Public IP pools from both WAN links. I want to configure static NAT of my servers with  Public IP addresses from both WAN pools simultaneously. But static NAT is working with primary link only, is it due to default route? because ASA accept only one default route with single metric? Is there any solution to make static nat work from both links at a time?

5 REPLIES
VIP Green

But static NAT is working

But static NAT is working with primary link only, is it due to default route? because ASA accept only one default route with single metric?

Yes, this is the issue.

To my understanding there is no work around unless you are able to specify the destination subnets manually in your routing table.  then you could split it so that half go through one interface and the other half go through the second interface.

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
New Member

I have following routes but

I have following routes but only 1 can work at a time. Can you send me configuration how to add manual routes pointing to specific destinations ? 

route outside 0.0.0.0 0.0.0.0 202.x.x.x 1 track 1
route backup 0.0.0.0 0.0.0.0 125.x.x.x 254

VIP Green

it is just like the default

it is just like the default route configuration except you dont use 0's but specify a specific subnet:

route backup 1.2.3.0 255.255.255.0 125.x.x.x

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
New Member

I want to send traffic to any

I want to send traffic to any destination from both interfaces. Is it possible?

VIP Green

That is not possible.  In

That is not possible.  In that case you would be better off putting a router infront of the ASA to handle routing between the two ISP connections

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
354
Views
0
Helpful
5
Replies
CreatePlease to create content