Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3071
Views
0
Helpful
6
Replies

ASA 5510 Configuration. how to configure 2 outside interface.

Go to solution
Lost & Found
Level 2
Level 2

‎04-23-2015 03:39 AM - edited ‎03-11-2019 10:49 PM

Hi 

I Have Cisco 5510 ASA and from workstation I want create a new route to another Router (Outside) facing my ISP.

From Workstation I can Ping ASA E0/2 interface but I cant ping ISP B router inside and outside interface.

I based all my configuration on the existing config. which until now is working 

interface Ethernet0/0
 description outside interface
 nameif outside
 security-level 0
 ip address 122.55.71.138 255.255.255.2
!
interface Ethernet0/1
 description inside interface
 nameif inside
 security-level 100
 ip address 10.34.63.252 255.255.240.0
!
interface Ethernet0/2
 description outside interface
 nameif outsides
 security-level 0
 ip address 121.97.64.178 255.255.255.240
!

global (outside) 1 interface

global (outsides) 2 interface ( I created this for E0/2)
nat (inside) 0 access-list nonat

nat (inside) 1 10.34.48.11 255.255.255.255 (Working: To E0/0 to Router ISP A inside and outside interface)

nat (inside) 2 10.34.48.32 255.255.255.255 (Working: To E0/2 to Router ISP A inside interface only but outside cant ping).

route outside 0.0.0.0 0.0.0.0 122.55.71.139 1 (Working)

route outside 10.34.48.32 255.255.255.255 121.97.64.179  1 (Test For New Route)
 

ISP Router A working Can ping and I can access the internet

interface FastEthernet0/0
 description Connection to ASA5510 
 ip address 122.55.71.139 255.255.255.248
 no ip redirects
 no ip proxy-arp
 ip nat inside
 duplex auto
 speed auto
!
interface S0/0
 ip address 111.54.29.122 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip nat outside
!
ip nat inside source static 122.55.71.139 111.54.29.122
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0

 ISP 2

interface FastEthernet0/0 ( ASA Can ping this interface)
 description Connection to ASA5510 
 ip address 121.97.64.179 255.255.255.248
 no ip redirects
 no ip proxy-arp
 ip nat inside
 duplex auto
 speed auto
!
interface E0/0 ( ASA Can 't ping this interface)
 ip address 121.97.69.122 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip nat outside
!
ip nat inside source static 121.97.64.179 121.97.69.122 
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 E0/0

CABLES

ASA to ISP Router B ( Straight through Cable)

ISP Router to IDU ( Straight through Cable)

Hope you could give some tips and solution for this kind of problem thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Vibhor Amrodia
Cisco Employee
Cisco Employee
In response to Vibhor Amrodia

‎04-23-2015 11:47 PM

Hi,

Are you able to ping the router interface IP from the ASA device ? If yes , try a packet trace on the ASA device for the traffic for the router IP address.

Thanks and Regards,

Vibhor Amrodia

 

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Vibhor Amrodia
Cisco Employee
Cisco Employee

‎04-23-2015 10:55 PM

Hi,

You can only use a single Default route on the ASA device.

Now , as per your requirement ,

route outside 10.34.48.32 255.255.255.255 121.97.64.179  1 (Test For New Route)

(Why do you have this route on the ASA device ?) I see this in the Inside interface Subnet.

Route lookup would be Destination based.

Are you looking to route specific traffic out thru the "outsides" interface ?

If yes , this configuration would not work unless you use some workaround configuration on the ASA device.

Refer:-

https://supportforums.cisco.com/document/59986/loadbalancing-dual-isp-asa

https://supportforums.cisco.com/document/49756/asapix-load-balancing-between-two-isp-options

Thanks and Regards,

Vibhor Amrodia

0 Helpful

Go to solution
Lost & Found
Level 2
Level 2
In response to Vibhor Amrodia

‎04-23-2015 11:12 PM

Hi yes I want to route outside using the 2 outside interface of the firewall so that I can use both outside interface.

Please see the attached picture for reference. just disregard all the ip addresses. 

thanks

Preview file
30 KB
0 Helpful

Go to solution
Vibhor Amrodia
Cisco Employee
Cisco Employee
In response to Lost & Found

‎04-23-2015 11:17 PM

Hi,

Although , PBR has been introduced but that will not be supported on this ASA device.

The only workaround is there in the URL link that i provided to you earlier.

Thanks and Regards,

Vibhor Amrodia

0 Helpful

Go to solution
Vibhor Amrodia
Cisco Employee
Cisco Employee
In response to Vibhor Amrodia

‎04-23-2015 11:47 PM

Hi,

Are you able to ping the router interface IP from the ASA device ? If yes , try a packet trace on the ASA device for the traffic for the router IP address.

Thanks and Regards,

Vibhor Amrodia

 

0 Helpful

Go to solution
Lost & Found
Level 2
Level 2
In response to Vibhor Amrodia

‎04-24-2015 06:50 AM

Hi,

Yes From firewall i can ping Router inside and outside interface.

Regarding to packet trace It's not enable on my ASA but when I try to enable it there are some commands not supported by my version.

 

thanks

0 Helpful

Go to solution
Lost & Found
Level 2
Level 2
In response to Lost & Found

‎04-23-2015 11:21 PM

But For now I want to ping my Router B inside and outside interface. but it seems that firewall is not passing or may be the router is not permitting my packet from my workstation.

-mtu outsides 1500
-icmp permit any outsides

-global (outsides) 2 interface
-nat (inside) 2 10.34.50.32 255.255.255.255
-route outsides 0.0.0.0 0.0.0.0 121.97.64.179 2 (Router Inside Interface)
-route inside 10.34.50.0 255.255.255.0 10.34.63.254 1

Please see the attached file. Test ping

Preview file
95 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card