
ASA 5515 second outside interface

mrochac
Level 1

Good day all, can someone advise what is the best way to go about setting up a second outside interface on an ASA? The reason behind it is that we're trying to have a security alarm system have a dedicated internet feed. Having 2 disabled interfaces on our ASA, I figure I could bring one up and set up some sort of static NAT from the security system to the internet.

The security alarm system is on its own subnet 192.168.7.x /24 and VLAN of course. I want traffic from a specific IP to go out this new outside interface. Any help would be greatly appreciated, ACL and NAT info.


Accepted Solutions

willwetherman
Spotlight

Hi,

 

This can be achieved by using Policy Based Routing that is available in ASA version 9.4 and later.

 

Example configuration

 

interface GigabitEthernet0/2
 description ***New Outside Interface***
 nameif outside2
 security-level 0
 ip address x.x.x.x
!
object network security-system
 subnet 192.168.7.0 255.255.255.0
!
nat (inside,outside2) source dynamic security-system interface
!
! Extended ACL that selects the traffic to policy-route
access-list acl-security-system extended permit ip 192.168.7.0 255.255.255.0 any
!
route-map policy-route permit 10
 ! match takes the ACL name, not the network object
 match ip address acl-security-system
 ! x.x.x.x = IP address of new outside2 interface gateway
 set ip next-hop x.x.x.x
!
interface GigabitEthernet0/1
 description ***Inside Interface***
 nameif inside
 security-level 100
 ip address x.x.x.x
 policy-route route-map policy-route

You can find further details of PBR in the following document, as well as some additional example configs.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/route-policy-based.pdf

I hope that this helps
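An added example (not part of the original post and not Cisco's code): a small Python lint for the PBR pieces of an ASA configuration like the one above. It checks that every route-map's `match ip address` names a defined access-list, that the route-map has a set action, and that it is bound to an interface with `policy-route route-map`. The sample config, the `orphan-map` name and the 203.0.113.1 next hop are constructed for illustration.

```python
# Constructed sample config (not from a real device); names and the
# 203.0.113.1 next hop are illustrative assumptions.
SAMPLE = """\
access-list acl-security-system extended permit ip 192.168.7.0 255.255.255.0 any
route-map policy-route permit 10
 match ip address acl-security-system
 set ip next-hop 203.0.113.1
route-map orphan-map permit 10
 match ip address security-system
 set ip next-hop 203.0.113.1
interface GigabitEthernet0/1
 nameif inside
 policy-route route-map policy-route
"""

def lint_pbr(config):
    """Return a sorted list of PBR consistency findings for an ASA config."""
    acls, maps, bound, findings = set(), {}, set(), []
    current = None  # route-map whose sub-commands are being read, if any
    for line in config.splitlines():
        words = line.split()
        if not words or words[0].startswith("!"):
            continue  # blank line or comment/separator
        if not line.startswith(" "):  # top-level command
            current = None
            if words[0] == "access-list" and len(words) > 1:
                acls.add(words[1])
            elif words[0] == "route-map" and len(words) > 1:
                current = words[1]
                maps.setdefault(current, {"acls": [], "has_set": False})
        elif current and words[:3] == ["match", "ip", "address"]:
            maps[current]["acls"] += words[3:]
        elif current and words[0] == "set":
            maps[current]["has_set"] = True
        elif words[:2] == ["policy-route", "route-map"] and len(words) > 2:
            bound.add(words[2])  # route-map applied to an interface
    for name, rm in maps.items():
        for acl in rm["acls"]:
            if acl not in acls:
                findings.append(f"{name}: match references undefined access-list {acl}")
        if not rm["has_set"]:
            findings.append(f"{name}: no set action, traffic follows the normal routing table")
        if name not in bound:
            findings.append(f"{name}: not applied to any interface")
    for name in bound - set(maps):
        findings.append(f"{name}: policy-route references undefined route-map")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(lint_pbr(SAMPLE)) or "no findings")
```

Run it against the output of `show running-config` saved to a file; a route-map whose match points at a network object name instead of an access-list shows up as an undefined access-list finding.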
