01-08-2013 07:58 PM - edited 03-11-2019 05:44 PM
Hi Guys,
I want to know with an ASA 5505 w/ Security Plus License I get up to 20 VLANS/Named Interfaces.
I have a customer that is getting a new subnet of external IP addresses from their service provider and a different default gateway to accommodate re-hosting their datacenter at their main office instead of at a Colo.
My question, when building out their new DMZ, can I have multiple route 0.0.0.0 commands?
Example.
Current Default Gateway 1.1.1.X
Internal hosts 192.168.1.0 use and are natted to 1.1.1.X
New Default Gateway for DMZ Servers 2.2.2.x
Internal hosts still use 1.1.1.X, but server hosts in 192.168.1.3 should use 2.2.2.X -- there are also a bunch of pre-existing static NAT rules for these servers such as 2.2.2.30 translates to 192.168.1.30.
I think I would accomplish this by using the following:
route inside 0.0.0.0 0.0.0.0 1.1.1.X
route DMZ 0.0.0.0 0.0.0.0 2.2.2.x
Would this be correct?
01-08-2013 08:15 PM
Hello Jeremy,
No, this will not work, as you can only have one default route pointing to an interface (there is no support for multiple default routes going over different interfaces).
You might want to read about the SLA feature, which I would say is the option that will fit your requirements.
Regards,
Julio
01-09-2013 08:57 PM
Thanks Julio, your solution won't fit my requirements, but we'll split the customer's network with a spare router, and once they can get some additional IPs on the new range, I'll unite them.