
Two ISPs, one ASA 5510... two LANs?

Hello,

I have a Cisco ASA 5510 running 8.2(5) firmware, "base" license and 1GB memory.

Currently we have a running/working network on 192.168.100.0 (Ethernet0/1) that uses comcast (Ethernet0/2) for the ISP.

There is also a T1 at the location that we would like to utilize for the VOIP phones. Is there a way to assign an available ASA port (Ethernet0/3) 192.168.123.1, and have anything on that port use the T1 for internet? I did assign port 3 192.168.123.1, and also set up DHCP on that interface, but when I plug in my laptop -- I do get internet (I created a dynamic NAT rule) but it's going out the comcast instead of the T1 interface.

How do I force outbound traffic on Ethernet0/3 to use Ethernet0/0 for internet? I'm thinking it has something to do with interface security level? I am unfamiliar with command line so if anyone knows how to accomplish this in ASDM that would help.

Here is what I have set up for the interfaces so far:

Ethernet0/0 (name = outside, security level = 1, IP address is public IP of T1)

Ethernet0/1 (name = inside, security level = 100, IP address is 192.168.100.1)

Ethernet0/2 (name = comcast, security level = 0, IP address is public IP of comcast)

Ethernet0/3 (name = VOIP, security level = 100, IP address is 192.168.123.1)

Any help is greatly appreciated!


Two ISPs, one ASA 5510... two LANs?

Can you post your Dynamic NAT Config?

It sounds like you may have it going from (VOIP,comcast) and not (VOIP,outside).


Two ISPs, one ASA 5510... two LANs?

Thanks John,

I wish I knew how to do that (or maybe I do?). I ran show run from the CLI and here are the only nat references I found:

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 192.168.100.0 255.255.255.0

nat (VOIP) 1 192.168.123.0 255.255.255.0

Is there a better way to get the info?


Two ISPs, one ASA 5510... two LANs?

Wrong forum, post in security - firewalling. You can move your post using the actions panel on the right.

Two ISPs, one ASA 5510... two LANs?

Type 'show run global'.
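
On this ASA software, a `nat (interface) <id>` line only translates traffic toward an egress interface that has a `global` statement with the same NAT ID, which is what 'show run global' reveals. As an added example (not part of any post in this thread), the Python below pairs the two; the three nat lines are the ones posted above, while the single global line is an assumption, since the thread never shows that output.

```python
import re
from collections import defaultdict

# Constructed sample: nat lines are from the thread; the global line is assumed.
SAMPLE_CONFIG = """\
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.100.0 255.255.255.0
nat (VOIP) 1 192.168.123.0 255.255.255.0
global (comcast) 1 interface
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (.+)$")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (.+)$")

def pair_nat_with_global(config):
    """Return {source_if: [(egress_if, nat_id, real, mapped), ...]}.

    NAT ID 0 is NAT exemption / identity NAT and has no global statement,
    so it is reported with egress_if None.
    """
    nats, globals_by_id = [], defaultdict(list)
    for line in config.splitlines():
        line = line.strip()
        if m := NAT_RE.match(line):
            nats.append((m.group(1), int(m.group(2)), m.group(3)))
        elif m := GLOBAL_RE.match(line):
            globals_by_id[int(m.group(2))].append((m.group(1), m.group(3)))
    pairs = defaultdict(list)
    for src_if, nat_id, real in nats:
        if nat_id == 0:
            pairs[src_if].append((None, 0, real, None))
            continue
        for egress_if, mapped in globals_by_id.get(nat_id, []):
            pairs[src_if].append((egress_if, nat_id, real, mapped))
    return dict(pairs)

def missing_egress(config, src_if, egress_if):
    """True if src_if has no dynamic NAT/PAT pairing toward egress_if."""
    pairs = pair_nat_with_global(config).get(src_if, [])
    return all(e != egress_if for e, *_ in pairs)

if __name__ == "__main__":
    # The pairing shows which translations exist, not which ISP routing picks.
    for src, rows in pair_nat_with_global(SAMPLE_CONFIG).items():
        for egress, nat_id, real, mapped in rows:
            print(f"({src},{egress}) id={nat_id} real={real} mapped={mapped}")
    print("VOIP->outside missing:", missing_egress(SAMPLE_CONFIG, "VOIP", "outside"))
```
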


Two ISPs, one ASA 5510... two LANs?

The ASA does not support PBR, so you cannot mark traffic to leave based on source, only based on destination; that is normally done by routing or NAT.

Q. Can Cisco 5500 Series ASA do a Policy Based Routing (PBR) like Cisco Router? For example, mail traffic should be routed to first ISP while http traffic should be routed to the second one.

A. Unfortunately, there is no way to do policy-based routing on the ASA at this time. It can be a feature that is added to the ASA in the future.

Note: The route-map command is used to redistribute routes between routing protocols, such as OSPF and RIP, with the use of metrics and not to policy route regular traffic as in routers.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml

Please rate our assistance with marking the post as answered.

Value our effort and rate the assistance!

Re: Two ISPs, one ASA 5510... two LANs?

Hi,

With the very latest 8.4 and 9.x software levels you could utilize NAT to have one LAN use ISP1 and other LAN use ISP2.

It's not something that Cisco nor I really suggest but it works.

In your current software level you won't be able to implement it since it uses the older NAT configuration format.

- Jouni
