Changing ASA5505 Config to use a Different ISP

John_at_Grid · ‎03-23-2012

We have had an ASA5505 for close to two years. About a year ago, we added a second ISP ("BOB") which became our primary and our old one (SBC) became our backup. I successfully modified the config for this and it's been working well.

Now we're changing our primary ISP to Comcast and getting rid of BOB, so right now we actually have 3 ISPs coming into our building.

I removed the BOB interface and routes, then added an interface for Comcast using an IP address from the range they provided as well as a static route to the gateway they provided - everything is analagous to the previous interfaces and routes, but it doesn't work. If I physically disconnect the Ethernet cable going to the Comcast cable modem, then the ASA does fail back to the SBC interface as expected. If I put the BOB interface & route back in there, it works again through BOB.

If I connect a PC to the Comcast cable modem and use an IP/Gateway they provided, the Internet connection *does* work. Using this same exact IP info in the ASA doesn't work.

Is there some other configuration item besides interfaces and static routes that I should be modifying? Is there some way I can dig deeper into the ASA to see exactly what is failing?

Thanks!

John

John Blakley · ‎03-25-2012

It's hard to say without seeing your config. Generally, you'll just change the interface address and the static route that points to them. There are a couple of things that you can do. Can you ping Comcast from the ASA when the connection is made? What doesn't "work?"

HTH, John *** Please rate all useful posts ***

John_at_Grid · ‎03-27-2012

Found the solution - a dynamic NAT rule was needed in the firewall settings.