Cisco Support Community
Community Member

ASA 5520 - Adding New (Second ) ISP routing/NAT question

We are switching providers & need to know if I can route/NAT both providers at the same time.

By having both providers connected on different interfaces it would give me the ability to test the new ISP & would give me the flexibility to make changes to DNS. (We house several websites on our DMZ interface on the firewall.)

Interfaces are

Outside (current ISP)

Outside2 (new ISP)

DMZ (Web servers)

Can anyone provide white papers?

Thanks in advance

3 REPLIES

Re: ASA 5520 - Adding New (Second ) ISP routing/NAT question

The problem is that the Cisco ASA does not support multiple default routes pointing out two separate interfaces. Neither does it support PBR. You can have an active/backup configuration though:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Regards

Farrukh

Community Member

Re: ASA 5520 - Adding New (Second ) ISP routing/NAT question

Could I have two ISPs coming in but going out through one ISP?

Re: ASA 5520 - Adding New (Second ) ISP routing/NAT question

As far as routing is concerned, yes. But the problem is that the NAT function (at least the static) is bi-directional. So traffic from the internal source will be translated to the 'passive' ISP's mapped IP (public IP). But it will be routed out the primary ISP. Whether this would work depends on how your ISP is configured (access-lists, etc.). It's worth a try though.

Regards

Farrukh
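A sketch of the active/backup setup the replies describe, added here as an example and not taken from the thread or from the linked Cisco document. It assumes pre-8.3 ASA syntax, the interface names `outside`, `outside2` and `dmz` from the question, and constructed addresses from the RFC 5737 documentation ranges; the web server address and ACL names are hypothetical.

```cisco
! Constructed addresses; replace with the real ones.
! outside  = current ISP, gateway 198.51.100.1
! outside2 = new ISP,     gateway 203.0.113.1
! dmz web server (hypothetical) = 192.168.10.10

! Probe a target through the primary ISP; its gateway is used here.
sla monitor 1
 type echo protocol ipIcmpEcho 198.51.100.1 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability

! Primary default route stays installed only while track 1 is up.
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1 track 1
! Backup default route with a higher administrative distance.
route outside2 0.0.0.0 0.0.0.0 203.0.113.1 254

! One static per ISP interface: a mapped address in each provider's block.
static (dmz,outside) 198.51.100.10 192.168.10.10 netmask 255.255.255.255
static (dmz,outside2) 203.0.113.10 192.168.10.10 netmask 255.255.255.255

! Each interface needs its own inbound ACL; outside2 inherits nothing
! from outside, so publish only the services that are meant to be reachable.
access-list outside_in extended permit tcp any host 198.51.100.10 eq www
access-list outside2_in extended permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside
access-group outside2_in in interface outside2
```

`show track 1` and `show route` confirm which default route is currently installed.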
