01-28-2013 12:13 PM - edited 03-11-2019 05:53 PM
I am wondering if this is possible. We have multiple internet connections with fixed IPs coming into the office. We'd like to use one for FTP backup and another to service our websites. From what I have read, a 5510 doesn't do policy-based routing, but we'd like to configure our FTP server to use one of the internet pipes and our web server to use another internet pipe. Is that possible?
We'd have two outside fixed IP interfaces and two internal interfaces. I could then use one of the internal interfaces for the web server and the other for the FTP server. Consequently, if the internal web server and FTP server use the fixed IP's corresponding DNS server, wouldn't that effectively route all FTP traffic out one interface and all web traffic out the other?
Is this possible? Has anyone done something of the sort?
So we'd have a configuration like the following...
External 1 w.w.w.w (fixed IP)
External 2 x.x.x.x (fixed IP)
Internal 1 y.y.y.y
Internal 2 z.z.z.z
Then the FTP traffic would be NAT'ed to an internal interface
and the HTTP & HTTPS traffic would be NAT'ed to a separate internal interface.
Then if each of the internal servers used the corresponding internal NIC on the ASA as its gateway and the fixed IPs that correspond to the external DNS server, then it would effectively only use that gateway out for traffic? Would that work? Does anyone else do anything like this? It's very simple and crude, but it should route traffic out those pipes, correct? Will the ASA support two different next-hop routers for the two different interfaces?
Thanks!
01-28-2013 05:42 PM
No, unfortunately ASA doesn't support multiple internet connections on 2 different interfaces active at the same time. You can only configure redundant backup ISP connection on ASA using SLA monitor, but not having 2 internet connections active at the same time.
It would be best to place a router in front of the ASA and let the router do the routing.
01-28-2013 06:39 PM
I have a better solution for you. Instead of placing a router in front of the ASA to do the routing, you can get a Nokia IP appliance running Checkpoint firewall. The Nokia IPSO can run IGRP/OSPF or BGP and you can manipulate your routing policy that way and then let the Checkpoint firewall do the firewall part for you. Less hardware to manage.
You might be able to do this with a Juniper firewall as well (I think).