
Multiple ASA's and Multiple gateways

jdrose_2
Level 1

We have a main office and remote office on different ISP's - both behind ASA-5510s. Main office is a 192.168.200.xxx subnet, remote office is 192.168.210.xxx. Offices were connected through a point to point VPN on the ASAs. We now have a direct layer 2 connection between the locations so we can connect without the VPN (connection will be behind the ASA's directly from switch to switch). My question is if both offices are on the same internal subnet (192.168.200.xxx) and the ASA's have different ISP's (and public addresses) will it work to set the main office systems to ASA #1 (and ISP #1) for the gateway for all internet traffic and the remote office systems to ASA #2 (and ISP #2) for their internet traffic? What I want is all WAN traffic for the main office coming and going through ASA and ISP #1 and all WAN traffic to and from the remote office coming and going through ASA and ISP #2, but all LAN traffic on the same 192.168.200.xxx subnet. Thanks!

1 Reply

mirober2
Cisco Employee

Hello,

If I understand your question correctly, what you describe will only work if both ASA's have an interface in the 192.168.200.xxx subnet. You won't be able to add a default gateway to your host unless it's in the same subnet. In addition, the ASA doesn't support any type of policy-based routing.

That being said, could you leave the subnets as they currently are (192.168.200.xxx and 192.168.210.xxx)? If so, I've done something very similar to this in the past. It looked like this:

Switch #1-----L2 connection------Switch #2
    |                                 |
ASA #1-----------Internet-----------ASA #2
    |                                 |
Clients [192.168.200.xxx]      Clients [192.168.210.xxx]

In this setup, the clients had a default gateway of the ASA at their respective site. This accomplished what it sounds like you want to do. If a client at site #1 wanted to send traffic to a client at site #2, it would travel to ASA #1, then ASA #2 via the L2 connection, and on to the destination host. Any other traffic used the ASA's default gateway of its ISP and went out through the site's Internet connection.

Hope that helps.

-Mike
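The two points in the reply above (a host only accepts a gateway on its own subnet, and each ASA steers the remote subnet over the L2 link while everything else follows its own ISP default route) can be checked with a small routing-table model. This is an added example, not configuration from the thread; the inside addresses 192.168.200.1 / 192.168.210.1, the 10.0.0.0/30 link subnet between the ASAs, and the ISP next hops in documentation ranges are all assumed.

```python
import ipaddress

# Constructed routing tables: (prefix, next hop, egress interface).
# "connected" means the ASA delivers directly on that interface.
ASA1_ROUTES = [
    ("192.168.200.0/24", "connected", "inside"),
    ("192.168.210.0/24", "10.0.0.2", "l2link"),   # remote site via ASA #2
    ("0.0.0.0/0", "203.0.113.1", "outside"),       # ISP #1 (assumed address)
]
ASA2_ROUTES = [
    ("192.168.210.0/24", "connected", "inside"),
    ("192.168.200.0/24", "10.0.0.1", "l2link"),   # main site via ASA #1
    ("0.0.0.0/0", "198.51.100.1", "outside"),      # ISP #2 (assumed address)
]
ASAS = {"ASA#1": ASA1_ROUTES, "ASA#2": ASA2_ROUTES}
PEER_BY_LINK_IP = {"10.0.0.2": "ASA#2", "10.0.0.1": "ASA#1"}  # L2 link peers


def next_hop(routes, dst):
    """Longest-prefix-match lookup; returns (next_hop, interface) or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, nh, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh, iface)
    return None if best is None else (best[1], best[2])


def host_can_use_gateway(host_ip, prefixlen, gateway):
    """A host will only install a default gateway that is on its own subnet."""
    net = ipaddress.ip_interface(f"{host_ip}/{prefixlen}").network
    return ipaddress.ip_address(gateway) in net


def trace(asa, dst):
    """Follow a packet from the client's local ASA until it is delivered or exits."""
    path = [asa]
    while True:
        hop = next_hop(ASAS[asa], dst)
        if hop is None:
            return path + ["no route"]
        nh, iface = hop
        if iface == "inside":
            return path + ["delivered"]
        if iface == "outside":
            return path + [f"ISP via {nh}"]
        asa = PEER_BY_LINK_IP[nh]      # crosses the L2 link to the other ASA
        path.append(asa)


if __name__ == "__main__":
    print(trace("ASA#1", "192.168.210.50"))  # site-to-site over the L2 link
    print(trace("ASA#1", "8.8.8.8"))         # Internet via the local ISP
    print(host_can_use_gateway("192.168.200.20", 24, "192.168.210.1"))
```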
