03-18-2007 06:48 AM - edited 03-11-2019 02:48 AM
Hi,
I am planning to use an ASA 5510 for the following scenario:
1) two security-zones: one for office, one for exposed services such as mail-relay etc. (dmz)
2) one leased line/frame-relay routed via CISCO 2600 is connected to the outside interface of ASA; from within the dmz a set of private IPs will be NATed to official IPs
This already works fine, if the default route is set to the CISCO router (172.20.78.1) - so I can access a web-server inside the dmz from outside
3) Another ADSL-line (dynamic IP) should be used for normal browsing from office security-zone.
Interface PAT is working fine, if the default gateway is set to the ADSL-router (172.16.3.1).
My question is now, how can I get both working? Meaning using ADSL from the office-zone and leased-line for dmz/exposed services?
Thanks
/bjoern
03-19-2007 10:06 AM
ASA is not a load balancer... so if you are looking to have 2 default gateways working simultaneously... this is not possible.
Are you trying to access the Internet from both lines at the same time? If yes, then probably policy based routing or load balancing on a router would be a better choice...
03-19-2007 11:32 PM
Thanks for your reply.
In fact, I don't want to do load balancing.
One interface (having a subnet of official IPs) should be used for exposed services (private IPs on DMZ are NATed statically).
The other connection should be used for browsing from the office-zone. This is an ADSL connection, which has a dynamic IP (doing PAT).
Does ASA support policy-based routing? Does it mean that I can specify, based on the source (so dmz- or office-zone), to which outside-interface traffic is routed?
Thanks
/bjoern
03-20-2007 10:21 AM
Two default gateways at the same time will not work in ASA... PBR is not possible on ASA :-(
However, as a workaround... if ya ready to spend for a simple 1700 series router, then you can point the entire default gateway traffic to the router, and then the router may be configured for the PBR.
03-21-2007 02:33 AM
Thanks for your update!
I have seen that route-maps are supported on ASA, but it looks like it does not support all features needed (the feature-set on a router is much more complex).
So there is no way to just have a default route pointing to my leased-line router (having the static IPs) and a host-route which just routes the traffic (which comes from office-zone and therefore is PATed to be sent out via ADSL) to the IP of the ADSL-router (which will be only used for browsing, no exposed services)?
Thanks
/bjoern