10-07-2015 05:44 AM - edited 03-11-2019 11:42 PM
Hello All,
I have two default routes on ASA pointing to two different ISPs with different metrics.
The hosts pointing to the default route with metric 1 are able to access the internet to and fro; however, the hosts pointing to the default route with metric 2 are accessible from the public internet but not from inside.
Any idea how to overcome this?
Any help would be highly appreciated!
10-07-2015 06:29 AM
Hi,
The ASA will use the route with the lower metric to route traffic using the default route.
Are you using static NAT for traffic coming from ISP2 (metric 2)?
Share more details about the version you are running and your network setup.
You can use packet-tracer for a better understanding of your configuration.
Hope it helps!!!
Thanks,
R.Seth
10-07-2015 06:46 AM
Hi Rishabh,
I am using ASA version 9.1.
I am using static NAT for ISP2. When I interchange the metrics, the one with the lower metric is able to access the internet.
I need to know whether there is any way to send the hosts using the default route with the higher metric to the internet.
Thanks
10-07-2015 07:15 AM
Hi,
The ASA will install the route with the lower metric to route traffic.
You can make use of policy-based routing, which is available for version 9.4 and above.
In case you want to load balance traffic across two ISPs, you can use ECMP on ASA.
Hope it helps!!!
Thanks,
R.Seth
Don't forget to mark the answer as correct if it helps in resolving your query!!!
10-07-2015 07:43 AM
Thanks Rishabh for the reply.
We have equal-cost links from the two ISPs but are not sure how to implement this.
Any idea in the form of configuration?
10-07-2015 10:47 AM
Hi Mudasir,
Please refer to the following doc to configure ECMP on ASA. It has all the details that would help you in successfully configuring ECMP.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/route-overview.html
Thanks,
R.Seth
Mark this answer as correct if it helps in resolving your query!!!
10-07-2015 11:37 PM
Thanks for the document.
As per the document, ECMP has been divided into two categories, with zones and without zones. Without zones, a single outside interface is used with different gateways, and with zones, multiple interfaces of the ASA are used with different gateways.
I need to know what exactly is meant by zones here.
10-08-2015 12:24 AM
Hi Mudasir,
In ASA, all sessions are created on a per-interface basis, but when you employ zones in your configuration, the sessions are created on a zone basis.
Zones resolve the problem of asymmetric routing.
You can refer to the following docs for zones:
Traffic zones:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/interface-zones.html?referring_site=RE&pos=1&page=http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/115986-asa-eqm-products-configuration-example.html
ECMP:
http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/115986-asa-eqm-products-configuration-example.html
Hope it helps!!!
Thanks,
R.Seth
Don't forget to mark the answer as correct if it helps in resolving your query!!!
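Added example (not from the thread or the linked Cisco documents): the with-zones ECMP layout discussed above, with two ISP-facing interfaces in one traffic zone and two default routes of equal metric. Interface names, the zone name and all addresses (RFC 5737 documentation ranges) are constructed, and it assumes an ASA release that supports traffic zones, as in the linked 9.3 guide; NAT and access rules are omitted.

```cisco
! Constructed example: every name and address below is a placeholder.
! One traffic zone holds both ISP-facing interfaces, so a connection is
! tracked per zone and return traffic may arrive on either member.
zone outside
!
! Zone members must share the same security level.
interface GigabitEthernet0/0
 nameif outside1
 security-level 0
 ip address 192.0.2.2 255.255.255.0
 zone-member outside
 no shutdown
!
interface GigabitEthernet0/1
 nameif outside2
 security-level 0
 ip address 198.51.100.2 255.255.255.0
 zone-member outside
 no shutdown
!
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
 no shutdown
!
! Equal metrics: both default routes are installed and new connections
! are load balanced across the two ISP gateways.
! (With metrics 1 and 2, as in the original question, only the
! metric 1 route is installed.)
route outside1 0.0.0.0 0.0.0.0 192.0.2.1 1
route outside2 0.0.0.0 0.0.0.0 198.51.100.1 1
!
! Checks: zone membership, installed default routes, per-zone
! connections, and the egress interface chosen for a sample flow.
show zone
show route
show conn zone outside
packet-tracer input inside tcp 10.0.0.10 12345 203.0.113.10 443
```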