Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
610
Views
0
Helpful
0
Replies

Ciscoasa route-lookup for dual isp

secureIT
Level 4
Level 4

‎08-21-2017 10:01 PM - edited ‎02-21-2020 06:13 AM

Dear Team,

 

We had ASA with 8.2 version and  the egress interface was determined by routing table.
Post upgrading to 9.x egress interface is determined from xlate table now.
When I shift link from one ISP to another ISP (segment1,segment2) or vice versa I have to manually change the position of the Nat rules, else we are unable to access the network servers through these segment1&s from dmz network. Is there any work around to fix this issue. As per cisco this is by design
and route-lookup is possible only for static and not for dynamic NAT. I agree with this, but looking for some alternate options or work around.

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/nat_objects.html

 

nat (dmz, segment1) source dynamic any interface destination static obj1 obj2
nat (dmz, segment2) source dynamic any interface destination static obj1 obj2

 

regards

SecIT

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card