Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1525
Views
10
Helpful
7
Replies

Dual ISP ASA 9.1

Go to solution
Bernard Incarnato
Level 1
Level 1

‎08-01-2016 02:37 PM - edited ‎03-12-2019 01:04 AM

Trying to get a secondary ISP connection setup on a client's ASA, version 9.1. The issue I am having is that no traffic flows out the secondary connection when I disable the primary. I am assuming it has to do with NAT and/or ACLs but these are something I haven't been able to wrap my head around. I just don't understand it.

Attached is the current config and I have setup the route, the monitoring, but stuck there.

Any/all guidance is appreciated.

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎08-01-2016 10:49 PM

Your routing is ok (two default-routes with different AD), but you don't have a dynamic NAT/PAT to your backup interface. It has to be configured the same way as you have for your primary interface:

nat (inside,backup) after-auto source dynamic any interface

View solution in original post

Go to solution
Karsten Iwen
VIP
VIP
In response to Bernard Incarnato

‎08-02-2016 06:51 AM

Well, the needed command is already given. If you wan't to dig deeper into NAT, you can start with the config guide or a good book on the ASA.

View solution in original post

7 Replies 7

Go to solution
mvsheik123
Level 7
Level 7

‎08-01-2016 04:41 PM

Hi,

Check the below link for basic configuration with dual ISPs-

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118962-configure-asa-00.html

hth

MS

0 Helpful

Go to solution
Bernard Incarnato
Level 1
Level 1
In response to mvsheik123

‎08-02-2016 06:03 AM

I used this to make the changes and it appears to switch default routes fine. It just isn't allowing any traffic through the 2nd connection. 

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP

‎08-01-2016 10:49 PM

Your routing is ok (two default-routes with different AD), but you don't have a dynamic NAT/PAT to your backup interface. It has to be configured the same way as you have for your primary interface:

nat (inside,backup) after-auto source dynamic any interface

Go to solution
Bernard Incarnato
Level 1
Level 1
In response to Karsten Iwen

‎08-02-2016 06:04 AM

I'm a novice when it comes to these things so I will see if I can track down/figure out the commands to add. 

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to Bernard Incarnato

‎08-02-2016 06:51 AM

Well, the needed command is already given. If you wan't to dig deeper into NAT, you can start with the config guide or a good book on the ASA.

Go to solution
Bernard Incarnato
Level 1
Level 1
In response to Karsten Iwen

‎08-02-2016 06:53 AM

Understood and I appreciate the guidance. I will see how I fare... Thanks again.

0 Helpful

Go to solution
Bernard Incarnato
Level 1
Level 1
In response to Karsten Iwen

‎08-03-2016 01:13 PM

Was able to go onsite and apply this today. Happy to report it worked like a champ! Thanks again for the guidance! I do appreciate it!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card