07-29-2010 04:40 AM - edited 03-11-2019 11:17 AM
Hi
I am using an ASA 5505 in my network. I have two ISPs. I want to configure dual ISP so that when the primary goes down, the backup ISP can handle the downtime.
But after the whole configuration, when I put my primary ISP down, the backup ISP external IP starts pinging outside and I won't be able to run internet in the internal network.
Can someone help?
Thanks
Amardeep Rana
07-29-2010 04:45 AM
Have you configured tracking for the ISP failover? If I understand your problem right, you have no internet access from internal once the primary goes down, right? What is the NAT configuration you have?
07-29-2010 04:57 AM
Hi Rahgovin,
You are right, I have no access to the internet internally. Here is what I did:
ASA5505(config)# interface ethernet 0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shutdown
ASA5505(config)# interface ethernet 0/1
ASA5505(config-if)# switchport access vlan 1
ASA5505(config-if)# no shutdown
ASA5505(config)# interface ethernet 0/2
ASA5505(config-if)# switchport access vlan 3
ASA5505(config-if)# no shutdown
ASA5505(config)# interface vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0
ASA5505(config-if)# no shutdown
ASA5505(config)# interface vlan 2
ASA5505(config-if)# nameif primary-isp
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address Primary ISP Exteral IP 255.255.255.0
ASA5505(config-if)# backup interface vlan 3
ASA5505(config-if)# no shutdown
ASA5505(config)# interface vlan 3
ASA5505(config-if)# nameif backup-isp
ASA5505(config-if)# security-level 1
ASA5505(config-if)# ip address Backup Isp 2 255.255.255.0
ASA5505(config-if)# no shutdown
ASA5505(config)# route primary-isp 0.0.0.0 0.0.0.0 Primary ISP Exteral IP 1
ASA5505(config)# route backup-isp 0.0.0.0 0.0.0.0 Backup Isp 2
Check also
nat (inside) 1 192.168.1.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1 track 1
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 2
Thanks
Amardeep Rana
07-29-2010 05:11 AM
So when you fail over, are you able to ping 4.2.2.2 from the firewall itself?
And do you have global commands for both primary and backup interfaces?
If both the answers are yes, try a packet tracer for an ICMP packet from an inside host to 4.2.2.2 and see where it fails when you are on your backup ISP.
07-30-2010 01:39 AM
Hi Rahgovin,
Thanks, I am able to run internet. I have to make setting as my configuration and I am up after that. Thank you for your hints, this worked for me.
Thank You everyone.
Thanks
Amardeep Rana
07-29-2010 05:14 AM
Can you please paste the entire config of the NAT commands? It looks like a NAT issue.
If it's not an issue, please post the entire config by masking the public IPs;
else please paste the following:
show run nat
show run global
show run static
configuration part of SLA monitoring (you can pull out lines from your config)
You can refer to this doc for configuration in case you have doubts whether you have configured it properly.
07-29-2010 01:49 PM
Hi
Here are the details of the commands.
ciscoasa(config)# show run nat
nat (inside) 0 access-list 101
nat (inside) 1 192.168.12.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
ciscoasa(config)# show run
ciscoasa(config)# show run globa
ciscoasa(config)# show run global
global (outside) 1 interface
ciscoasa(config)# sh run stati
ciscoasa(config)# sh run static
static (inside,outside) xxx.xxx.xxx.xxx.168.12.56 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.77 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.38 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.28 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.30 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.19 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.xxx mailserver netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.62 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.65 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.59 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.xxx 92.168.12.100 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.41 netmask 255.255.255.255
static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.49 netmask 255.255.255.255
ciscoasa(config)#
thanks
Amardeep Rana