Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
617
Views
0
Helpful
0
Replies

ASA 5512-X Dual-ISP Static Routes

tymeengineering
Level 1
Level 1

‎06-21-2016 07:28 AM - edited ‎03-12-2019 12:55 AM

In our office, we have a two-VLAN setup with Data running on VLAN 1 and VoIP running on VLAN 2. We also have separated modems and gateways for each of them, and would like them to have segregated internet access. Below is a list of all the VLAN IP information as well as the interfaces I currently have programmed on our ASA. (WAN addresses have been changed to protect the innocent.) We have the Security Plus license, so VLAN limitations should not be a problem.

The problem is that we have internet working for the Data VLAN but not for the VoIP VLAN.

Data VLAN 1:

  • LAN IP Pattern: 10.0.1.X
  • LAN Subnet: 255.255.255.0
  • LAN Gateway: 10.0.1.1
  • WAN Gateway: 98.76.153.163
  • WAN Static IP: 98.76.153.164

VoIP VLAN 2:

  • LAN IP Pattern: 192.168.2.X
  • LAN Subnet: 255.255.255.0
  • LAN Gateway: 192.168.2.1
  • WAN Gateway: 98.76.153.173
  • WAN Static IP: 98.76.153.174

ASA Interfaces:

  • GigabigEthernet 0/0 - data_outside 0 98.76.153.164
  • GigabigEthernet 0/1 - data_inside 100 10.0.1.1
  • GigabigEthernet 0/2 - voip_outside 0 192.168.0.2
  • GigabigEthernet 0/3 - voip_inside 100 192.168.2.1

What's different with the VoIP network is that it has a secondary router between the Modem and ASA. The VoIP router NAT translates the WAN address to the local address of 192.168.0.1. This is unavoidable due to our ISP requiring the router.

We would like the network to operate so that the Data traffic with the gateway of 10.0.1.1 hops on a static route to 98.76.153.163 and the VoIP traffic with the gateway of 192.168.2.1 hops on a static route to 192.168.0.1 (which then gets hopped by the VoIP router to 98.76.153.173).

These are the static routes we currently have configured:

data_outside 0.0.0.0 0.0.0.0 98.76.153.163 1

voip_outside 192.168.2.0 255.255.255.0 192.168.0.1 1

Right now, we have VLAN 1's internet working, so I assume the route for data_outside is correct. However, no traffic from the VoIP 192.168.2.x network is passing the ASA to 192.168.0.1. How should I configure my routes? I prefer ASDM because of the visual comparison I can make when configuring the ASA but I'm also comfortable with CLI when guided.

Thanks in advance,

Ted

2 people had this problem
Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card