Dual default route on ASA

mudasir05
Level 1

Hello All,

I have two default routes on ASA pointing to two different ISPs with different metrics.

The hosts pointing to the default route with metric 1 are able to access the internet to and fro; however, the hosts pointing to the default route with metric 2 are accessible from the public internet but not from inside.

Any idea how to overcome this?

Any help would be highly appreciated!


Rishabh Seth
Level 7

Hi,

The ASA will use the route with the lower metric to route traffic using the default route.

Are you using static NAT for traffic coming from ISP2 (metric 2)?

Share more details about the version you are running and your network setup.

You can use packet-tracer for a better understanding of your configuration.

Hope it helps!!!

Thanks,

R.Seth

Hi Rishabh,

I am using ASA version 9.1.

I am using static NAT for ISP2; when I interchange the metrics, the one with the lower metric is able to access the internet.

I need to know whether there is any way to send the hosts using the default route with the higher metric to the internet.

Thanks

Hi,

The ASA will install the route with the lower metric to route traffic.

You can make use of policy-based routing, which is available for version 9.4 and above.

In case you want to load balance traffic across two ISPs, you can use ECMP on the ASA.


Hope it helps!!!

Thanks,

R.Seth

Don't forget to mark the answer as correct if it helps in resolving your query!!!

Thanks, Rishabh, for the reply.

We have equal-cost links from the two ISPs but are not sure how to implement this.

Any idea in the form of configuration?

Hi Mudasir,

Please refer to the following doc to configure ECMP on the ASA. It has all the details that would help you in successfully configuring ECMP.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/route-overview.html

Thanks,

R.Seth

Mark this answer as correct if it helps in resolving your query!!!

Thanks for the document.

As per the document, ECMP has been divided into two categories: with zones and without zones. Without zones, a single outside interface is used with different gateways; with zones, multiple interfaces of the ASA are used with different gateways.

I need to know what exactly is meant by zones here.

Hi Mudasir,

In the ASA, all sessions are created on a per-interface basis, but when you employ zones in your configuration, the sessions are created on a zone basis.

Zones resolve the problem of asymmetric routing.

You can refer to the following docs for zones:

Traffic zones:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/interface-zones.html?referring_site=RE&pos=1&page=http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/115986-asa-eqm-products-configuration-example.html

ECMP:

http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/115986-asa-eqm-products-configuration-example.html


Hope it helps!!!

Thanks,

R.Seth

Don't forget to mark the answer as correct if it helps in resolving your query!!!
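
The zone-based ECMP setup discussed in this thread, as an added configuration sketch that is not part of any poster's reply or of the linked Cisco documents. It assumes an ASA release that supports traffic zones (the linked guides are for 9.3); the interface names, the zone name, the ACL name and the documentation-range addresses are constructed for illustration.

```text
! Added example: all names and addresses below are constructed placeholders.

! 1. Create the traffic zone that will hold both ISP-facing interfaces.
zone outside

! 2. Make each ISP interface a member of the zone. Connections are then
!    tracked per zone, so return traffic arriving on the other member
!    interface still matches the existing connection (asymmetric routing).
interface GigabitEthernet0/0
 nameif isp1
 security-level 0
 ip address 192.0.2.2 255.255.255.0
 zone-member outside
 no shutdown
!
interface GigabitEthernet0/1
 nameif isp2
 security-level 0
 ip address 198.51.100.2 255.255.255.0
 zone-member outside
 no shutdown

! 3. Two default routes with the SAME metric, one per member interface.
!    With unequal metrics only the lower-metric route is installed, which
!    is the behaviour described in the original question.
route isp1 0.0.0.0 0.0.0.0 192.0.2.1 1
route isp2 0.0.0.0 0.0.0.0 198.51.100.1 1

! 4. Keep the security policy identical on every zone member, otherwise the
!    path a flow takes decides which rules it is checked against.
!    OUTSIDE_IN is a hypothetical ACL assumed to be defined already.
access-group OUTSIDE_IN in interface isp1
access-group OUTSIDE_IN in interface isp2

! 5. Verification (privileged EXEC mode, not configuration mode).
show zone outside
show route
show conn zone outside
```

After applying it, `show route` should list both default routes; if only one appears, check that the metrics match and that both interfaces are up and in the same zone.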

 
