
Design Question on ASA

ksarin123_2
Level 1

Drawing1.jpg

Hello folks -

Here is an image describing my network topology. As indicated, we have two different ISPs for two different services we provide. Our customers have access to Database servers as well as FTP servers sitting in the DMZ. Customers are connecting over the Internet. ISP1 is supposed to be used for all outbound traffic for the database server, and ISP2 is supposed to be used for all outbound FTP traffic. The connection to both these servers is being initiated by the customers from outside. The firewall has a default route pointing to ISP1.


Since ASA is a stateful firewall, I am assuming all connections coming over ISP2 into the DMZ will be routed back over the ISP2 connection, and not over to ISP1 since that is where the default route is pointing to. Therefore there should not be any asymmetric routing that should occur.

Is my assumption correct?

Thanks for your help!

3 Replies

Collin Clark
VIP Alumni

I agree that your assumption is correct with one caveat: unicast RPF must be turned off.

Can you explain why unicast RPF must be turned off?

I have provided the option that you are looking for in this document:

https://supportforums.cisco.com/docs/DOC-13015/#Allowing_outbound_via_ISP1_and_inbound_via_ISP2

-KS
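The unicast RPF caveat raised in the replies above, as an added example that is not part of the original thread: a simplified Python model of a strict reverse-path check against a routing table whose only default route points to ISP1. The interface names (`isp1`, `isp2`, `dmz`), the addresses and the helper functions are constructed for illustration and are not ASA code; the model covers only the ingress check, not how return traffic is forwarded.

```python
import ipaddress

# Constructed routing table modelled on the question: one default route via ISP1.
# Interface names and prefixes are assumptions, not taken from the poster's config.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "isp1"),
    (ipaddress.ip_network("192.0.2.0/24"), "dmz"),
]

# Constructed inbound flows: (customer source address, interface it arrived on).
FLOWS = [("198.51.100.10", "isp1"), ("203.0.113.20", "isp2")]


def best_route(routes, addr):
    """Longest-prefix match; returns the egress interface name or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, ifc) for net, ifc in routes if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def urpf_accepts(routes, src, ingress_if):
    """Strict uRPF: the route back to the source must use the ingress interface."""
    return best_route(routes, src) == ingress_if


def check_flows(routes, flows, urpf_interfaces):
    """Return (src, ingress, verdict) for each flow, applying uRPF only
    on the interfaces where it is enabled."""
    results = []
    for src, ingress in flows:
        enabled = ingress in urpf_interfaces
        if enabled and not urpf_accepts(routes, src, ingress):
            results.append((src, ingress, "drop"))
        else:
            results.append((src, ingress, "permit"))
    return results


if __name__ == "__main__":
    for label, enabled in (("uRPF on isp1+isp2", {"isp1", "isp2"}),
                           ("uRPF on isp1 only", {"isp1"})):
        print(label)
        for src, ingress, verdict in check_flows(ROUTES, FLOWS, enabled):
            print(f"  {src:15} in via {ingress}: {verdict}")
```

With the check enabled on the ISP2-facing interface, the customer arriving via ISP2 fails the lookup because the only route back to an Internet source is the default route on ISP1; with the check off on that interface the packet reaches the normal access rules.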
