02-27-2011 07:54 PM - edited 02-21-2020 04:15 AM
Hi Cisco guru.
I have 2 Cisco ASA 5505s in a failover configuration. It is configured as a gateway too.
For example with 2 NICs:
1. IP 192.168.17.5
Mask 255.255.255.0
Gateway 192.168.17.2 (cisco ASA)
2. IP 123.108.151.13
Mask 255.255.248.0
Gateway 123.108.151.254 (ISP)
In the case of Windows 2008 R2, I have to set the gateways' metric to 1 (or any value, but it should be the same for both NICs) and I will have access via the private and public interfaces. If I restart NIC 1, my default gateway will be the gateway from NIC 2, and vice versa, but with two accesses at the same time.
I'm not sure if Linux can do it, probably not.
Do you have any ideas how to solve it for Linux and Windows?
02-28-2011 05:54 AM
Windows cannot have 2 default gateways. You should never have a public and private interface on 1 server. Create a DMZ on your ASA and have one network connection on the server. That prevents the problem you are seeing and it does not compromise security.
02-28-2011 01:00 PM
Hi Collin,
Thanks for your answer.
There is a different situation. The ASA has a public IP (used for site-to-site VPN) and the default gateway, a Juniper (for internet access), has a public IP. I've made the ASA the gateway, so a VM which doesn't have a public IP will have internet via NAT. Unfortunately, if I remove the ASA private IP from the VM NIC gateway, I will lose private access to this VM. Same situation with Linux VMs.
02-28-2011 01:14 PM
I'm sorry, I don't understand. Do you have a diagram?
02-28-2011 02:10 PM
Sorry, I don't have a diagram. This solution works for Windows, but not for Linux.