Dual wan nat in asa 5510

zeuscyril · ‎12-27-2010

hi all,

i have two isp links one is leased line with static ip and the other one is DSL with dynamic ip

my scanrio is i need to leased line to nat local host to outside to access through web and the DSL i need to use for the local user internet access

is it possible ?

i connected both isp links in asa 5510.

leased line i need to use only for two servers in the local network (like sharepoint access from outside).

thanks

cyril

zeuscyril · ‎12-28-2010

hi all,

this is the exact thing i need

Incoming / Outgoing Mail (Exchange 2010) and Web Access (Share-point):

First Internet Connection: Internet Leased Line 512 Kbps with Static IP for MS-Exchange Server 2010, Share-point Foundation 2010 setup on SBS2011 Premium server (ie: Windows Server 2008R2)

Local Users Internet Access:

Second Internet Connection: Broadband Internet 100 Mbps with Dynamic IP for LAN users and Server / Desktop updates

thanks

cyril

mparthan · ‎12-28-2010

Hello Cyril,

The ASA 5510 does not support Policy based routing. It is very likely that a feature request for PBR has been placed already, but no announcements have been made yet.

There are a few workarounds available to support this feature, but as such the ASA is not designed to do policy-based routing.

It is best you have PBR configured on an IOS device.

Regards,

Malavika

zeuscyril · ‎12-28-2010

hi malavika

how we can do it in the router

if u provide me the example of it , it will be very helpful because i tried already with router .

thanks

cyril

Kureli Sankar · ‎12-28-2010

Pls. refer this link: https://supportforums.cisco.com/docs/DOC-13015/

I have provided steps to configure PBR on the router.

-KS

zeuscyril · ‎12-28-2010

hi poongulzi,

thanks for ur good reply,

but if i have one with static ip line and thge other one DSL with dynamic this concept will work?

thanks

cyril

Kureli Sankar · ‎12-28-2010

I beleive so. There is an option to set the DHCP learned next hop under the route-map section. I have never used this option so, pls. double check before implementing.

"set ip next-hop dynamic dhcp"

-KS

zeuscyril · ‎12-28-2010

hi ks,

thanks for ur reply.

suppose i am not using asa 5510, i am using only ios router then the policy based routing is in the same way or we ned to use ..... some other routing for the same scanrio.

thanks

cyril

mparthan · ‎12-28-2010

Hello Cyril,

If you decide to do away with the ASA 5510, and only use the router to implement PBR, you will have to use the same configuration. No additional configuration is required.

Regards,

Malavika

zeuscyril · ‎12-28-2010

hi malavika,

in that case the next-hop dhcp will work

thanks

cyril

mparthan · ‎12-28-2010

hCyril,

You can set the next hop to the gateway that was most recently learned by the Dynamic Host Configuration Protocol (DHCP) client, using the "set ip next-hop dynamic dhcp" command in route-map configuration mode. This command was introduced in 12.3(2)XE.

Also to add,this command command supports only a single DHCP interface. If multiple interfaces have DHCP configured, the gateway that was most recently learned among all interfaces running DHCP will be used by the route map.

So you can configure the router to use the next hop it learnt using DHCP as per your requirement.

Regards,

Malavika