Cisco ASA route-lookup for dual ISP

Dear Team,

 

We had an ASA running version 8.2, and the egress interface was determined by the routing table.
After upgrading to 9.x, the egress interface is now determined from the xlate table.
When I shift the link from one ISP to another (segment1, segment2) or vice versa, I have to manually change the position of the NAT rules; otherwise we are unable to access the network servers through these segments from the dmz network. Is there any workaround to fix this issue? As per Cisco, this is by design,
and route-lookup is possible only for static and not for dynamic NAT. I agree with this, but I am looking for alternate options or a workaround.

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/nat_objects.html

 

nat (dmz, segment1) source dynamic any interface destination static obj1 obj2
nat (dmz, segment2) source dynamic any interface destination static obj1 obj2

 

Regards,

SecIT