I am going to implement a new ASA 5520 in a network with two ISPs, but I have a question about the routing, because with one provider the users can access the internet but with the second service provider the users have the e-mails, so this is the topology:
For the routes I am thinking of configuring something like this:
ip route inside 172.17.0.0 255.255.0.0 ip_address_proxy_server
ip route inside 10.1.0.0 255.255.0.0 ip_address_proxy_server
ip route dmz 192.168.210.0 255.255.255.0 ip_address_sw_dmz
ip route outside mail ip_address_router_dlci 311
ip route outside 0.0.0.0 0.0.0.0 ip_address_router_245
The fourth line should be the route that tells me that everything that's e-mail is sent via router 311.
I do not know if I have to put something like this:
ip route outside 220.127.116.11 255.255.255.248 ip_address_router_245
Where the network 18.104.22.168 is the IP address that the ISP gave to me for the e-mails, web site and others.
I am a bit worried about this scenario. I don't want to ruin the party but... does the email server know that the traffic is going to end up on the interface with the DLCI 311? If the mail server goes to the internet to reply back... it may get to the default gateway interface, causing asymmetric routing.
This is something to consider only... But the route statement is simple... just put the Server IP as destination network and the Router address with DLCI 311 as next hop....
Think about the asymmetric routing... This is something that you would like to avoid.
Unless you have one specific mail server on the internet that all your mail will be sent to, this can't be done with an ASA in single context. If you can, multi context will solve this, but you won't be able to do VPN, dynamic routing and multicast.
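An added illustration, not part of the thread or anyone's configuration: a static route table picks the next hop by longest-prefix match on the destination address alone, so mail is steered to the DLCI 311 router only for destinations that have their own route, and a reply to any other peer leaves through the default router. The addresses are constructed from documentation ranges, and the router labels are hypothetical stand-ins for the placeholders used in the question.

```python
import ipaddress

# Constructed route table (documentation address ranges, not from the thread).
ROUTES = [
    ("0.0.0.0/0", "router_245"),             # default route: internet ISP
    ("203.0.113.25/32", "router_dlci_311"),  # host route to one known remote mail server
]

def lookup(dst, routes=ROUTES):
    """Longest-prefix match on the destination address only.
    The service (TCP port) is never an input to this decision."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]

def check_flows(flows, routes=ROUTES):
    """Compare the router a request arrived through with the router the
    reply would leave through; a mismatch is an asymmetric path."""
    report = []
    for f in flows:
        egress = lookup(f["peer"], routes)
        report.append({**f, "reply_via": egress,
                       "asymmetric": egress != f["arrived_via"]})
    return report

# Constructed sample flows: remote peer, service port, router the request came in on.
FLOWS = [
    {"peer": "203.0.113.25", "port": 25,  "arrived_via": "router_dlci_311"},
    {"peer": "198.51.100.7", "port": 25,  "arrived_via": "router_dlci_311"},
    {"peer": "198.51.100.7", "port": 443, "arrived_via": "router_245"},
]

if __name__ == "__main__":
    for r in check_flows(FLOWS):
        state = "ASYMMETRIC" if r["asymmetric"] else "symmetric"
        print(f'{r["peer"]}:{r["port"]} in via {r["arrived_via"]}, '
              f'reply via {r["reply_via"]} -> {state}')
```

The second flow is the case raised in the replies: mail from a peer without its own route arrives through the DLCI 311 router, but the reply follows the default route.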