Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
955
Views
0
Helpful
1
Replies

ASA, dual WAN for different services

mirek.uczniak
Level 1
Level 1

‎09-19-2012 03:30 AM - edited ‎03-11-2019 04:56 PM

I have ASA 5505 ver, 8.4(1)

I hane configured 2 WAN links to

1. Outside1 - distance metric 50

2. Outside2 - distance metric 20

Currentry all traffic is passing thru Outside2 and it's correct, also s2s and ra VPN is also running on Outside2

My current case is to use Outside1 for webvpn services only. I can't use Outside2 becouse on 443 port other services are running, also I cant change webvpn port to other.

How can I match packets incoming to interface Internet1 from Interner side nad route them back thru Internet1 interface.

IPSLA is not a good solution becouse I need to have both WAN links used

Now in routing table I have only onre record

S*   0.0.0.0 0.0.0.0 [20/0] via x.x.x.x, INTERNET2

for link with lower metric, but after some problems with provider for link Internet2 routing has changed for Internet1 and didn't change it back after resolving problem

solution could be route map but i have no idea how to create it for all traffic incoming for Internet1 interface from outside

Labels:
0 Helpful
1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

‎09-20-2012 06:16 AM

Unfortunately ASA does not support having 2 active default route via 2 interfaces.

You can route the s2s vpn via a different interface than the one with the default route by configuring static routes for the peer ip address as well as the remote LAN by pointing it via the other Outside interface.

RA VPN and WebVPN won't work because of the unknown ip address of user where they are connecting from hence can't configure static route.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card