Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
581
Views
0
Helpful
4
Replies

Differentiate traffic between two ISP

Go to solution
dogalov.m
Level 1
Level 1

‎04-04-2017 11:52 PM - edited ‎03-12-2019 02:10 AM

I have Cisco ASA5525-MB, Software Version 9.2(2)4, one inside network and two ISP.
I need direct traffic to specific server in the Internet (3.3.3.1) through ISP2 only, and to other destinations through ISP1. How to configure routing and NAT?

Portion of my ASA configuraion:

interface GigabitEthernet0/0
  nameif ISP1
  ip address 1.1.1.1 255.255.255.252

interface GigabitEthernet0/1
  nameif ISP2
  ip address 2.2.2.1 255.255.255.252

interface GigabitEthernet0/2
  nameif Inside
  ip address 172.16.0.2 255.255.255.252

object network Inside
  subnet 10.0.0.0 255.255.255.0
  nat (Inside,ISP1) dynamic interface

route ISP1 0.0.0.0 0.0.0.0 1.1.1.2 1

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to dogalov.m

‎04-05-2017 04:17 AM

Sorry - your two NAT statements need to both be after-auto type.

Try removing the existing interface NAT and use this instead:

nat (inside,ISP1) after-auto source dynamic any interface
nat (inside,ISP2) after-auto source dynamic any interface

You should also "clear xlate" after making NAT changes to clear any existing translations.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-05-2017 01:07 AM

Assuming the ISP2 gateway is 2.2.2.2, then you should be able to use the following:

route ISP2 3.3.3.1 255.255.255.255 2.2.2.2
nat (Inside,ISP2) dynamic interface
0 Helpful

Go to solution
dogalov.m
Level 1
Level 1
In response to Marvin Rhoads

‎04-05-2017 04:05 AM

If I change to configuration:

object network Inside
  subnet 10.0.0.0 255.255.255.0
  nat (Inside,ISP2) dynamic interface

route ISP2 3.3.3.1 255.255.255.255 2.2.2.2

The result is I'm going to this server through ISP2 successfully but I haven't connection to other rest of Internet.

If I change to configuration:

object network Host
  host 10.1.1.1
  nat (Inside,ISP2) dynamic interface

route ISP2 3.3.3.1 255.255.255.255 2.2.2.2

The result is I'm going to this server through ISP2 successfully and I'm going to other rest of Internet successfully through ISP1. But I need apply this to hole inside subnet.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to dogalov.m

‎04-05-2017 04:17 AM

Sorry - your two NAT statements need to both be after-auto type.

Try removing the existing interface NAT and use this instead:

nat (inside,ISP1) after-auto source dynamic any interface
nat (inside,ISP2) after-auto source dynamic any interface

You should also "clear xlate" after making NAT changes to clear any existing translations.

0 Helpful

Go to solution
dogalov.m
Level 1
Level 1
In response to Marvin Rhoads

‎04-05-2017 04:39 AM

Thank you Marvin

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card