Solved: Re: 2 Internet connections on ASA5510

billetj09 · ‎03-01-2012

Hello,

I'm stock and I am sure it is simple but I can't find it.

I have an ASA5510 from which I am using 3 interfaces.

-One interface have the main internet connection router

-One interface is attache to a switch 3750 and has multiple virtual interface configured on it

-One interface has another internet connection router.

What I am trying to do is to have only one of the Vlan using the second internet connection and not the first one.

My idea was to just have a static route who says that on interface VLAN_B (for the special VLAN), all traffic goes to 2nd internet router interface.

But it does not route.

All I have is a default route configured : on interface Internet1 0.0.0.0/0 goes to 1st internet router interface.

Any idea or help ?

Thank you very much

Ton V Engelen · ‎03-22-2012

Hi

what i can think of is to run the asa in multiple context mode.

use one context for routing the special vlan and use the other context for routing the rest.

I dont run the asa itsself in multiple context, but i have 2 fwsm' s running in multiple context and by multiple context what you want to do is possible.

You might want to check your reseller if a license is needed though for your asa or if its onboard already.

Good luck.

View solution in original post

fb_webuser · ‎03-01-2012

use route map

---

Posted by WebUser Nabil Benyoussef

billetj09 · ‎03-22-2012

Thanks for your answer but I don't see how route map would work here. I am not really familliar wth route map I have to say.

Ton V Engelen · ‎03-22-2012

Hi,

What he means is something like this:

Example: vlan 10 has to go out to router 2 and vlan 20 has to go out to router 1

For instance:

vlan 10 = 10.1.1.0 /24

vlan 20 = 10.1.2.0/24

Create ACL to match address ranges

access-list 101 permit ip 10.1.1.0 0.0.0.255 any
access-list 102 permit ip 10.1.2.0 0.0.0.255 any

Create route-map, match address 101 and set next-hop to router 2

route-map outbound permit 10
match ip address 101
set ip next-hop

Create route-map, match address 102 and set next-hop to router 1

route-map outbound permit 20
match ip address 102
set ip next-hop

Apply route-map

interface Ethernet0/x

ip policy route-map outbound

interface Ethernet0/y

ip policy route-map outbound

Now when a packet enters ethernet0/x and its source ip = 10.1.1.x, a next hop to router 2 will be set. etc.

billetj09 · ‎03-22-2012

Thanks a lot for your answer, it makes it more clear. But one problem is still there, I am configuring that on my ASA 5510, and there is no "set ip next-hop" only set ip metric/metric-type

billetj09 · ‎03-22-2012

Do you think that by configuring OSPF I would be able to isolate the 2 connections ?

I mean if I put vlan 10 and router 1 in one OSPF process and Vlan 20 and router 2 in another OSPF process, would it allow me to apply kind of 2 different default gatway (one per process) ?

Ton V Engelen · ‎03-22-2012

Hi

not sure, but i dont think so.

i m now logged in a asa here and will check some stuff.

ps. I did see that its indeed not possible to configure the next hop.

Ton V Engelen · ‎03-22-2012

Hi

what i can think of is to run the asa in multiple context mode.

use one context for routing the special vlan and use the other context for routing the rest.

I dont run the asa itsself in multiple context, but i have 2 fwsm' s running in multiple context and by multiple context what you want to do is possible.

You might want to check your reseller if a license is needed though for your asa or if its onboard already.

Good luck.

billetj09 · ‎03-22-2012

Thanks a lot for the search. I look into the multiple context mode.

billetj09 · ‎03-22-2012

Thanks A LOT Ton V Engelen.

I had already the good license for the multiple context and now it is working like a charm

Ton V Engelen · ‎03-22-2012

Hi

very cool!

And you worked this config change out very fast!!!

Thanks!!