topic Re: (TWO OUTSIDE INTERFACES) ONE FOR A HOST AND OTHER FOR OTHERS in Network Security

(TWO OUTSIDE INTERFACES) ONE FOR A HOST AND OTHER FOR OTHERS HOSTS

leandro.candido — Mon, 11 Mar 2019 15:17:47 GMT

Hi all,

I have a ASA 5510 with 2 interfaces outside that 2 internet links are connected it.

I need to do that a host in inside netwok goes out by a interface outise and others host goes out by other interface.

Someone know how can I to do this?

Re: (TWO OUTSIDE INTERFACES) ONE FOR A HOST AND OTHER FOR OTHERS

r.malviya — Mon, 13 Apr 2009 18:33:55 GMT

Hi ,

Please Update with more details wat exactly you want ..

1) You want policy based routing ( which not possible in asa)

2) You have inside network (10.10.10.0/24) & you have 2 differnet subnet which is connected to 2 different internet pipes , Your target if request is coming for the 1st network then its will move to 1st internet link & if request is coming for another subnet then it move to another internet link .which can be possible through Policy nat .

please update with details .

Regards

Ritesh Malviya

Re: (TWO OUTSIDE INTERFACES) ONE FOR A HOST AND OTHER FOR OTHERS

leandro.candido — Mon, 13 Apr 2009 18:58:54 GMT

Malviya,

I beleave that PBR could solve this problem, but is not supported in ASA.

I have two internet links main and secondary (2 outside interfaces) and 1 inside interface.

I need to permit that a only host goes out by a of secondary internet link, while all others host goes out by the main link.

The subnet is the same.

Re: (TWO OUTSIDE INTERFACES) ONE FOR A HOST AND OTHER FOR OTHERS

roshan.maskey — Mon, 13 Apr 2009 23:48:49 GMT

Hi,

This is possible only if all your inside network goes by doing PolicyNAT.

Lets consider the following.

interface outsideA: ip= A.A.A.A

interface outsideB: ip= B.B.B.B

interface insideH. ip=H.H.H.1

Your two hosts:

H.H.H.A and H.H.H.B

Note: This configuration only works if your inside host uses your outside interface IP for internet access.

Commands:

access-list internetA extended permit ip host H.H.H.A any

access-list internetB extended permit ip host H.H.H.B any

global (outsideA) 2 interface

gloabl (outsideB) 3 interface

nat (inside) 2 access-list internetA

nat (inside) 3 access-list internetB

Re: (TWO OUTSIDE INTERFACES) ONE FOR A HOST AND OTHER FOR OTHERS

leandro.candido — Tue, 14 Apr 2009 00:40:18 GMT

Hi maskey,

I did what you suggest, but because I have two link I wasn't able to configure a default route for each link.

route internetA 0.0.0.0 0.0.0.0 x.x.x.x

route internetB 0.0.0.0 0.0.0.0 y.y.y.y

Someone know how can I configure two defaults routes in ASA?

Thanks

Re: (TWO OUTSIDE INTERFACES) ONE FOR A HOST AND OTHER FOR OTHERS

roshan.maskey — Tue, 14 Apr 2009 03:45:22 GMT

Hi,

The default routing pointing to internet should be like this:

Assuming your two outside interfaces are named:

outsideA

outsideB

the default route to internet should be:

route outsideA 0.0.0.0 0.0.0.0 x.x.x.x

route outsideB 0.0.0.0 0.0.0.0 y.y.y.y

Test the connection using packet tracer

source IP: H.H.H.A

src port: 2000

protocol: tcp

dest public IP: P.P.P.P

dst port: 80

Review the packet tracer output closely

repeat with inside ip: H.H.H.B

Re: (TWO OUTSIDE INTERFACES) ONE FOR A HOST AND OTHER FOR OTHERS

smartin — Thu, 11 Jun 2009 11:20:41 GMT

Roshan, did you get this working, trying to setup the same configuration (Two ISP's)

If so how did the routeing work ?

Thanks in Advance !