ASA 5510 Dual WAN / VPN

richardsav · ‎11-14-2006

Hello. Is it possible on an ASA5520 to utilize X2 WAN links to the internet, both T1 lines with different ISP?s; one for SMTP and one for VPN. Both interfaces are NAT?d and have connectivity. E0 is primary and has default route with a metric of 1 and E1 has a default route with a metric of 5. E0 is SMTP and E1 is for IPSEC. If I change the route metrics around the VPN works great, however the lower metric route has to be E0.

Is there some way to accomplish what I want to? As a work around I used a 506E for the SMTP but I?d rather use a single ASA. I suspect that this is a routing issue but I?m not sure if it?s possible to define routes on VPN tunnels on the same device.

Sincerely

daniel.wiberg · ‎11-15-2006

What if you add a specific route to the ip address of the remote VPN peer to be routed to the same address as the default route of the E1 interface.

richardsav · ‎11-16-2006

I tried that, but it didn't make any diff. I think the issue is when Phase 1 takes place it's routing out the default oute.

zeuscyril · ‎12-27-2010

hi all,

i am also having the same scanrio,

is anybody got solution for this ?

thanks

cyril

praprama · ‎12-27-2010

Hi,

Unfortunately, such load balancing isn't possible on the ASA. At any point of time, we can have ony one default route active on it.

Cheers,

Prapanch