The ASA doesn't support

Richard Bradfield · ‎12-17-2014

We have had a single ISP for years with a public address space 203.xx.xx.xx/24, now we have just got another ISP with a 220.xx.xx.xx/28 address space

now when I do my natting I obviously want the appropriate public address to go thru to the correct ISP. if I could do route maps as per a router there would be no problems, also not allowed to put 2 default routes(0.0.0.0 0.0.0.0) on the ASA . can this be achieved on a single ASA?

Karsten Iwen · ‎12-17-2014

You have to configure both ISPs in a primary/backup-way for outgoing traffic. For incoming traffic, both ISPs can be used at the same time. You need:

A default route to your primary ISP with tracking
A default route to your backup ISP with a higher AD
complete NAT-configs for both ISPs

A Guide for ASA version 7 is found here:

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/70559-pix-dual-isp.html

Just change the NAT to the new syntax for ASA version >=8.3.

Richard Bradfield · ‎12-19-2014

That's not what I want, as I have two different Public address ranges I need to be able to send thru each ISP concurrently. Servers have specific Public addresses so must go to the correct ISP network, because of routing from the Internet.

Karsten Iwen · ‎12-19-2014

The ASA doesn't support policy-based routing. You should place a router in front of the ASA to do the prober routing.

How can I configure my ASA for 2 ISPs each with different IP address range allocated to us