Multihoming is not possible with ASA as of now. in case of failure of 1st link, u need to manually change the NAT/static statements for the traffic to flow via the second link... you can have only one default gateway on the firewall...
anyway, if you want to specifically divert only smtp traffic to the second link, u can do it,by adding specific routes for the mail server to the second link and having the default route to the first link.. even here, in case of failure, we need to manually change the configs on the firewall to make it work...
best way is to implement BGP on the outside router and do multihoming there instead of doing it on the firewall....
Hi .. you could follow the below link for configuring multihomed configuration which is basically a combination of BGP at the edge routers and OSPF between the edge routers and the ASAs and default routes injected from BGP to the OSPF with different metrics .. having the main link the preference. A private addressing could be configured between the edge routers and the outside interface of your ASAs.
In regards to the static NAT you could add a second NIC to your email server and allocate a secondary private IP address to it. You could then create two static translations on the ASA with two different public addresses ( according to the ISPs ) and map each one to the respective NIC of your email server.
There will be 2 MX records for your domain with different priorities in case MX 1 ( email server with IP address 1 ) is not reachable when link IPS1 one goes down.
Now .. when link ISP1 is OK then NIC 2 of your email server will need to be disabled. When link ISP1 is down (assuming ISP2 2 is OK )then NIC 1 needs to be disabled and NIC 2 will need to be enabled. I can't think of another work around it right now .. :-)
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :