i need a little help to get my configuration working
I have 3 ISP's which all land on one switch
i have an asa5506x which needs to route each vlan to specific isp
so the configuration should look something like this:
isp1 (gw address 10.10.10.1)
isp2 (gw address 10.10.10.2)
isp3 (gw address 10.10.10.3)
vlan 100 - ip range 192.168.100.0/24 - routed to isp1
vlan 200 - ip range 192.168.200.0/24 - routed to isp2
vlan 300 - ip range 192.168.300.0/24 - routed to isp3
currently all my tests result in all vlan's beeing routed to isp1
in asa i currently have only one outside interface and it is called "outside" which is connected to a "dumb" switch.
the switch is connected to three different isp's.
Look at below example guide, adding to other post.
Also consider using IP SLA, if any of the link fails route to different ISP, if not the traffic will be black-holed.
I am puzzled about what the original poster describes "have only one outside interface and it is called "outside" which is connected to a "dumb" switch. the switch is connected to three different isp's"
If there are 3 different ISPs I would certainly assume that each ISP has its own unique public IP. I do not see any way for ASA5506 to be able to talk to 3 different public IP connected to outside interface. If this were IOS and we could use secondary address then it could work. But that is not supported on ASA. I do not see any way to get 3 different ISP connected to dumb switch connected to one ASA interface.
i will try to explain a little bit more:
there is a router that first accepts all connections from isp's and the creates an internal network with different ip representing each isp. These ip's are used by many "secondary" routers (like this asa). Please have a look at my great paint drawing attached to this post.
Thank you for the explanation. This is an unusual environment but now we have a better understanding of it. Based on what we know now I do agree that the solution that you need is to configure Policy Based Routing on the ASA. In the route map for PBR you could match to subnet 1 and set ip next-hop as address of ISP 1, match to subnet 2 and set ip next-hop as address of ISP 2, and match on subnet 3 and set ip next-hop as address of ISP 3.
Thank you for your reply - i managed to get this far already yesterday and it seems to be working. Now the problem is that when i have set dhcp server for interface it stops working.
Glad you got it to the point where it seems to be working. I am not clear how setting dhcp server would impact PBR unless the DHCP server is changing addresses so that they do not match the acl for PBR. Perhaps you could supply some detail about what you are trying to do?
Sorry, if my explanation was not clear. if i remove pbr then my computers are getting address from dhcp that has been configured on asa to vlan interface. if i set pbr then computers in this vlan interface stop getting address from dhcp server configured in asa.
Thanks for the explanation. Since we do not have any details of what you are doing it is difficult to know exactly what the issue is. But it seems logical that something in the operation of PBR is interfering with DHCP. Perhaps you could revise the acl that you use to identify traffic for PBR and deny packets related to DHCP?
Am I correct in understanding that you have several vlans (and therefore several subnets) on your ASA? And so there would be several DHCP scopes? And that you are applying PBR to the interfaces for those several vlans? Perhaps you could post some details about this?