New Member

(TWO OUTSIDE INTERFACES) ONE FOR A HOST AND OTHER FOR OTHERS HOSTS

Hi all,

I have an ASA 5510 with 2 outside interfaces, with 2 internet links connected to it.

I need one host in the inside network to go out through one outside interface and the other hosts to go out through the other interface.

Does anyone know how I can do this?

  • Firewalling
6 REPLIES
New Member

Re: (TWO OUTSIDE INTERFACES) ONE FOR A HOST AND OTHER FOR OTHERS

Hi,

Please update with more details on what exactly you want.

1) You want policy-based routing (which is not possible on the ASA).

2) You have an inside network (10.10.10.0/24) and you have 2 different subnets which are connected to 2 different internet pipes. Your target: if a request is coming for the 1st network then it will move to the 1st internet link, and if a request is coming for another subnet then it moves to the other internet link, which can be possible through policy NAT.

Please update with details.

Regards

Ritesh Malviya

New Member

Re: (TWO OUTSIDE INTERFACES) ONE FOR A HOST AND OTHER FOR OTHERS

Malviya,

I believe that PBR could solve this problem, but it is not supported on the ASA.

I have two internet links, main and secondary (2 outside interfaces), and 1 inside interface.

I need to permit only one host to go out through the secondary internet link, while all other hosts go out through the main link.

The subnet is the same.

New Member

Re: (TWO OUTSIDE INTERFACES) ONE FOR A HOST AND OTHER FOR OTHERS

Hi,

This is possible only if all your inside network goes out using policy NAT.

Let's consider the following.

interface outsideA: ip= A.A.A.A

interface outsideB: ip= B.B.B.B

interface insideH: ip= H.H.H.1

Your two hosts:

H.H.H.A and H.H.H.B

Note: This configuration only works if your inside host uses your outside interface IP for internet access.

Commands:

access-list internetA extended permit ip host H.H.H.A any

access-list internetB extended permit ip host H.H.H.B any

global (outsideA) 2 interface

global (outsideB) 3 interface

nat (inside) 2 access-list internetA

nat (inside) 3 access-list internetB

New Member

Re: (TWO OUTSIDE INTERFACES) ONE FOR A HOST AND OTHER FOR OTHERS

Hi maskey,

I did what you suggested, but because I have two links I wasn't able to configure a default route for each link.

route internetA 0.0.0.0 0.0.0.0 x.x.x.x

route internetB 0.0.0.0 0.0.0.0 y.y.y.y

Does anyone know how I can configure two default routes on the ASA?

Thanks

New Member

Re: (TWO OUTSIDE INTERFACES) ONE FOR A HOST AND OTHER FOR OTHERS

Hi,

The default routes pointing to the internet should be like this:

Assuming your two outside interfaces are named:

outsideA

outsideB

the default route to internet should be:

route outsideA 0.0.0.0 0.0.0.0 x.x.x.x

route outsideB 0.0.0.0 0.0.0.0 y.y.y.y

Test the connection using packet tracer

source IP: H.H.H.A

src port: 2000

protocol: tcp

dest public IP: P.P.P.P

dst port: 80

Review the packet tracer output closely.

Repeat with inside IP: H.H.H.B

New Member

Re: (TWO OUTSIDE INTERFACES) ONE FOR A HOST AND OTHER FOR OTHERS

Roshan, did you get this working? I'm trying to set up the same configuration (two ISPs).

If so, how did the routing work?

Thanks in advance!
