We have a ASA 5510 that has 2 internet connections and one inside network connection. It has been configured so that one Internet connection is used for all our Internet Usage and VPN usage.
The second internet connection has been configured purely for one dedicated VPN connection.
On the odd occassion we have had some issues with our main Internet Service Provider and the 1st Internet connection will go down. This means our entire office is unable to access the internet and all the VPN connections on that interface go down as well.
Is there a way to have outbound traffic from our internal network fail over to the 2nd internet connection that we have setup?
I have tried to configure it, but I think the problem may be due to the fact we are using PAT to translate internal addresses to our external address.
Phillip, indeed , I have as well read may comments,it all depends on your environment as they all differ from one another, you best bet is to have a good solid plan for upgrade and fall back. You do have a justification to upgrade for features needed, so I would suggest the following:
1- Do a search again in forum for ASA code upgrades and look at comments from users that have gone through this process and note their impact in fuctionality if any. I believe this is good resource to collect information .
2- Very important , look into release notes for a particular version. For example version 8.0, look into open CAVEATS usually at the end of the link page, reading the open bugs gives you clues what has not yet been resolved for that particular code and if in fact could impact you in your environment, it is possible that a particular bug does not realy apply to your environment becuase you have yet not implemented that particualr configuration. Usually we all try to aim towards a GD (General Deployment) code which is what we all understand is most stable but not necesarily means you have to be stack in that code waiting for another GD release, in my personal experience I have upgraded our firewall from 7.2 to 8.0(3) long ago and had no issues, and recently upgraded to 8.0(4)when it was first release in August this year.
Thanks! We have successfully upgraded to 7.2. I have also tested the Link posted about setting up the use of a Backup ISP. It cuts over to the second static route for the Backup ISP fine... but the problem now is NAT. I get translation errors. And when I attempt to create a new NAT rule for the Backup ISP, it will not allow me to, as it says I already have one configured. Any Ideas?
We are using PAT with using the Interface IP on the Primary ISP... and we would like to configure the same on the Backup ISP. Is this actually possible?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...