
Separate traffic by protocol - multiple internet interfaces

Hello,

I would like to connect a second ISP link to our ASA 5510 to solely serve HTTP traffic from our organization's employees (i.e., web surfing). We currently have all employee traffic and two site-to-site VPN tunnels connecting to the internet from this firewall. I want to keep the tunnels as currently configured on the existing connection and split out HTTP/HTTPS traffic from our staff onto a less costly link.

How would I go about doing this?

Thanks!
Greg

1 REPLY

Separate traffic by protocol - multiple internet interfaces

Greg,

Normally you could use policy-based routing, but the ASA does not support this (yet). If you have a router in front of the ASA (so between the ISPs and your ASA), you could use PBR to split traffic between providers.

Check out this post:

https://supportforums.cisco.com/docs/DOC-6069 It contains a discussion around using NAT to engineer what you are trying to achieve.

Please rate if useful.

Dennis

Please remember to rate useful posts, by clicking on the stars below.
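
A sketch of the router-side PBR approach mentioned in the reply, added here as an example; it is not taken from the thread or from the linked document. It assumes a classic IOS router between the ASA and both ISPs; the interface names, route-map and ACL names, and RFC 5737 addresses are all constructed placeholders, and the ASA is assumed to keep translating staff traffic to its existing ISP A address.

```cisco
! Added example. Constructed values: interface names, object names, addresses.
! Gi0/0 faces the ASA outside interface.
! Gi0/1 = existing ISP A (gateway 192.0.2.1), Gi0/2 = web-only ISP B (gateway 198.51.100.1).

! Staff web traffic arriving from the ASA
ip access-list extended WEB-TRAFFIC
 permit tcp any any eq 80
 permit tcp any any eq 443

! Probe the ISP B gateway so PBR stops using it when the link is down
ip sla 1
 icmp-echo 198.51.100.1 source-interface GigabitEthernet0/2
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability

! Matching packets go to ISP B while track 1 is up.
! When it is down, the set clause is skipped and normal routing applies.
route-map WEB-VIA-ISP-B permit 10
 match ip address WEB-TRAFFIC
 set ip next-hop verify-availability 198.51.100.1 1 track 1

! Everything not matched (site-to-site VPN, other protocols) follows the default route
ip route 0.0.0.0 0.0.0.0 192.0.2.1

interface GigabitEthernet0/0
 description Link to ASA outside
 ip policy route-map WEB-VIA-ISP-B
 ip nat inside
interface GigabitEthernet0/1
 description Existing ISP A (not a NAT outside interface: traffic passes untranslated)
interface GigabitEthernet0/2
 description Web-only ISP B
 ip nat outside

! ISP B cannot route replies to ISP A addresses, so web traffic leaving Gi0/2
! is translated to the Gi0/2 address. Translation only happens inside -> outside,
! so the VPN tunnels and any web traffic that falls back to ISP A are untouched.
ip nat inside source list WEB-TRAFFIC interface GigabitEthernet0/2 overload
```

The ACL matches on port only, so web servers published through the ASA would need an explicit deny entry ahead of the permits; check command syntax against the IOS release in use.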
