
How to configure Cisco ASA to be the default gateway?

Hello guys,

How do we configure the Cisco ASA so that all data traffic from the clients is routed through the existing Cisco ASA firewall?

A fritzbox is currently the default gateway. In addition, an existing mail server should also be hung behind the Cisco ASA.

Where can we find a Cisco guide or configuration to do that?

Thank you very much

Cheers

ashok_boin
Level 5

You need to set the relevant ASA firewall inside interface IP address accordingly on the clients. If you want to set the default in the ASA, then please follow this link.

 

Solved: default gateway ASA 5505 - Cisco Community


With best regards...
Ashok

Morning Ashok

 

Thank you very much for your reply and solution. 

 

That means we only have to configure a default route 0.0.0.0/0 with our gateway IP address on the outside interface, right?

Then all client traffic will go through the Cisco ASA, right?

In addition, an existing mail server should also be hung behind the Cisco ASA. I hope that won't cause any issue.

 

  Thank you again and regards

  

 

 

 

Hi,

You need to configure the "default gateway" on clients such as desktops as the one of the ASA inside interfaces that belongs to the client subnet, and then you have the default route on the ASA pointing to your actual gateway on the outside interface.

The existing mail server configuration is like a desktop client for its default gateway.

With best regards...
Ashok

Hello Ashok,

 

Thank you again for your support regarding this topic. We really appreciate it.

Just to make sure it is clear to me what I have to do, please feel free to correct me if I am wrong.

On the client (laptop) side, we have to configure the gateway IP address,

and on the Cisco ASA, via CLI or ASDM, we have to configure the default route 0.0.0.0/0 with the same gateway IP as on the client side (laptop) on the outside interface.

That is what I have to do, right?

 

Thank you once again 

 

 

 

I am talking in general...

 

Let's say the ASA inside interface IP address is 10.1.1.1/24, and then let's take the client IP address as 10.1.1.2 with the default gateway set to "10.1.1.1".

And then, you also configure a default route on the ASA pointing to a router, e.g. with IP address 192.168.1.1, like below. The router is the default gateway for the ASA to reach external networks, and the default route below points through the ASA outside interface.

"route outside 0.0.0.0 0.0.0.0 192.168.1.1"

Please follow the link below for details.

 

https://www.ccri.edu/faculty_staff/comp/jmowry/Security/ASA5506%209-3-1-2%20Lab%20-%20Configure%20ASA%20Basic%20Settings%20and%20Firewall%20Using%20CLI.pdf

 


With best regards...
Ashok

Morning Ashok.

 

Thank you again for all the information you provide and for all your help. 

 I would like to send you the setup scenario we are talking about 

  How can I send you the setup scenario please to have a look?

 

Best Regards

 

You can try to send your setup through attachments.

With best regards...
Ashok

Hello Ashok,

 

Thank you for your reply. 

The attached file is the current and new setup scenario design. 

 

I am asking myself right now if it would be better to remove both ISP provider routers from the new design and connect the ASA Eth1 and Eth2 interfaces to the ISP 1 and 2 networks and the ASA Eth3 to the intranet, and every LAN user will use the IP gateway of the LAN network.

So I don't know where I will connect the mail server if we decide to remove both ISP routers from the new design, because the mail server is actually connected to the ISP1 router.

What could be the benefit and inconvenience of removing or keeping both ISP providers in the new design?

I am not sure, but I think we can move them.

Your opinion / idea will be very greatly appreciated.

 

Thank you very much 

Best Regards

 

 

I feel you can go with your new design. And mail servers are generally put in the inside zone or DMZ zone, depending upon your business requirements.

 

Please find the following link for the details.

 

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/118958-configure-asa-00.html#anc6

 


With best regards...
Ashok

Hello Ashok,

 

Thank you for your email. 

 

So it makes sense to go ahead with the new design without both ISP routers, right?

Or should we keep them in the new design?

I think the ASA can do all that both ISP routers are able to perform.

 

 

Cheers

 

 

 

Yes, you can if it meets your business requirements.

With best regards...
Ashok

Hello Ashok,

 

Thank you very much for all your support regarding that problem. I will do it like that and let you know how well it is working.

We really appreciated all the information you provided to me.

 

Cheers

 

balaji.bandi
Hall of Fame

I take it that the setup below is what you are proposing:

ISP - fritzbox - ASA - your network.

Make sure you disable SMTP inspection on the ASA, and you need to do the relevant network routing and NAT.

BB
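
The pieces described in the replies above (clients using the ASA inside address as their gateway, an ASA default route to the upstream router, NAT, and SMTP inspection turned off) combined into one ASA configuration. This is an added example, not configuration posted by any participant: it reuses the 10.1.1.1/24 and 192.168.1.1 addresses from the thread and assumes ASA 8.3+ syntax, the interface names, an outside address of 192.168.1.2 and a mail server at 10.1.1.10.

```cisco
! Constructed example. Interface names, 192.168.1.2 and 10.1.1.10 are
! assumptions; 10.1.1.1/24 and 192.168.1.1 are the thread's example values.
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 192.168.1.2 255.255.255.0
 no shutdown
!
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
 no shutdown
!
! The ASA's own default route points at the upstream router (the fritzbox).
! Clients and the mail server use 10.1.1.1 as their default gateway.
route outside 0.0.0.0 0.0.0.0 192.168.1.1
!
! Outbound client traffic: dynamic PAT behind the outside interface address.
object network INSIDE-NET
 subnet 10.1.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! Mail server: publish TCP/25 only, and permit only that port inbound.
! On 8.3+ the ACL references the real (inside) address of the server.
! The upstream router must also forward TCP/25 to 192.168.1.2.
object network MAIL-SRV
 host 10.1.1.10
 nat (inside,outside) static interface service tcp smtp smtp
access-list OUTSIDE-IN extended permit tcp any object MAIL-SRV eq smtp
access-group OUTSIDE-IN in interface outside
!
! Turn off ESMTP inspection in the default global policy.
policy-map global_policy
 class inspection_default
  no inspect esmtp
!
! Checks to run from privileged EXEC after applying the above
! (203.0.113.10 is a documentation address standing in for an Internet host):
!   show route
!   show nat detail
!   packet-tracer input inside tcp 10.1.1.2 1025 203.0.113.10 443
!   packet-tracer input outside tcp 203.0.113.10 1025 192.168.1.2 25
```

Each packet-tracer run should end in an ALLOW result and show the expected NAT rule being hit; a DROP names the phase (route lookup, ACL or NAT) that needs attention.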


Hello Balaji,

 

That is exactly the setup.

Good point. Disable SMTP inspection on the ASA forever, or only before we start the configuration?

Which network routing and NAT configuration do we need in this case, please?

 

Thank you very much

Best Regards

 

Bertrand Abega 
