Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Firewalls Community


Dual Wan interfaces on an ASA 5520

I have an asa 5520 that I'd like to be able to load balance 2 internet providers on.  I've been playing around with a possible config.  interface GigabitEthernet0/0  nameif outside  security-level 0  ip address  ! interface GigabitEthernet0/1  nameif dmz  security-level 50  ip address  ! interface GigabitEthernet0/2  nameif outside2  security-level 0  ip address  ! interface GigabitEthernet0/3  description LAN Failover Interface ! interface Management0/0  nameif inside  security-level 100  ip address  ! ! global (outside) 1 interface global (dmz) 1 interface global (outside2) 2 interface global (inside) 1 interface nat (dmz) 0 access-list dmz_nat0_outbound nat (dmz) 1 nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1  nat (inside) 2  static (dmz,outside) netmask  static (dmz,outside2) netmask static (dmz,inside) netmask  ! ! ! route outside route outside   The actual nat'ng is giving me trouble.  The "global (outside2) 2 interface" command (I believe) creates another global pool on the 2nd WAN subnet but the "nat (inside) 2" command is not valid.  Is there any way make the outbound traffic nat to both WAN subnets?  I am also unsure how the ASA will react to having 2 default routes.  Thanks

Cisco Employee

Re: Dual Wan interfaces on an ASA 5520

This question has been asked many times in this forum.

You are correct - the ASA does not support two default routes out diff. interfaces.

It cannot do load balancing either.  ASA does not support PBR (policy based routing)

The outside router should connect to both the ISPs and load balance based on PBR.

You can translate some traffic based on ISP1 provided IP scheme and translate others based on IPS2 provided ISP scheme and have the router look at the source address and send them out the two diff. ISPs based on the source address.