Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1167
Views
5
Helpful
4
Replies

2 ASA 5585 and two internet gateways

Walaa Elden Rabie Elabbasy
Level 1
Level 1

‎09-25-2011 05:11 AM - edited ‎03-11-2019 02:29 PM

We have 2 ASA (Active/standby) and 2 Internet connections with 2 Routers; i need to split traffic going

Through the ASA, the E-Learning traffic going to ISP1 and all other traffic going through ISP2 ?

and still automatic failover occur. if the ISP1 down the E-Learning traffic will automatically go through ISP2 ?

is it possible to use 2 static routes. one for E-Learning traffic (subnet) and one for all other traffic ?

if any one have a solution for these issues?

Labels:
0 Helpful
4 Replies 4

Roman Rodichev
Level 7
Level 7

‎09-25-2011 08:38 AM

ASA doesn't support policy based routing (based on source IP). In order to do this you would need to add another router or pair of routers outside of ASAs and configure PBR on those.

Walaa Elden Rabie Elabbasy
Level 1
Level 1
In response to Roman Rodichev

‎09-25-2011 01:06 PM

Thank you for your replay, but  the problem in outgoing traffic, which router will be the gateway for the ASA considering that Each router is connected to separate ISP and yes there PBR for routing, the problem not in routing side, the issue in the ASA side. and again i need to SPLIT the traffic in ASA's. so one subnet go through spicific ISP and all other traffic going to

Another ISP.

If this explination is not enough i can upload drawing for high level design  the network

0 Helpful

Roman Rodichev
Level 7
Level 7
In response to Walaa Elden Rabie Elabbasy

‎09-25-2011 01:33 PM

Yes, and that's what I was saying earlier, ASA doesn't do policy based routing. You want one source IP to use one default route, and another source IP to use another default route. Not possible on ASA. You will need to add a router between your ASAs and your ISP routers. You will route all traffic to that router (or again, you could have a pair of routers for redundancy) and then do policy based routing on THAT router(s) to select which ISP to take for which source IP(s). You would also need to add one or two switches between your ASAs and routers.

0 Helpful

Lee Valentin
Level 1
Level 1

‎09-26-2011 02:42 AM

Roman is correct. You cannot do PBR on ASA, you'll have to use static routing. Your question should go in the routing forum.

What you can do is create a static route for e-learning on your ASA to a new HSRP address between your two routers and use PBR on the router to determine the path from there.

The problem then could be return traffic. Will it take an optimal path on the way back. You may then have asymmetrical routing.

Again, this post is better suited in routing forum.

Good luck

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card