Hi Everyone,
We have 2 ISP's and are using a Cisco ASA 5505, with Security Plus license. I know the ASA can do failover, but can I just route web traffic, like 80/443 out my second ISP, while the other one handles all other traffic?
I found earlier posts that said you could, pre 8.2, but those commands appear to be deprecated now. Those commands are below:
==========
"Now, if you does not want to configure ISP failback, but you need to route Web (port 80,443) traffic via ISP2 and all other traffic
via ISP1. This requires PBR, which is not supported on ASA/PIX, but we can configure a workaround on ASA/PIX to make it work.
Following are the commands which will achieve it-
route ISP1 0 0 1.1.1.2 //Default route pointing to ISP1
route ISP2 0 0 2.2.2.2 2 //Default route with Metric 2 via ISP2
static (ISP2,inside) tcp 0.0.0.0 80 0.0.0.0 80
static (ISP2,inside) tcp 0.0.0.0 443 0.0.0.0 443
sysopt noproxyarp inside
nat (inside) 1 0 0
global (ISP1) 1 interface
global (ISP2) 1 interface
Thats it !! Now all the traffic destined to any address on port 80/443 will be forcibly put on ISP2 interface and routed from there."
------------------------------
Are there new commands, post 8.2, that will accomplish this?
It's odd that the ASA can't do this, as a low end Sonicwall can accomplish what I am trying to do very easily.
Thanks for all your help!
