The 5500-X models of ASA's

ahmed fahmy · ‎05-12-2015

I have ASA (ver 8.4) with 2 ISP connections.

Can i use Policy based NAT to have specific traffic use one ISP connection over another. say I have a User VLAN 10.10.10.0/24 and a Server VLAN 10.10.100.0/24.

I want Users to use ISP1 and Servers to use ISP2. Is that possible using NAT's?

fatalXerror · ‎05-13-2015

Hi ahmed,

I believed you need router or L3 switch above your firewall and configure it with BGP peering with your ISPs together with route-map for it to determine whether it comes via User or Server.

Thanks

deyster94 · ‎05-13-2015

The 5500-X models of ASA's can run BGP. If you have the budget to upgrade, you can migrate to the new platform and have this feature.

Vibhor Amrodia · ‎05-13-2015

Hi,

As you would not be able to upgrade to ASA 9.4 code for PBR functionality , you can use these steps as documented to workaround this issue:-

https://supportforums.cisco.com/document/59986/loadbalancing-dual-isp-asa

https://supportforums.cisco.com/document/49756/asapix-load-balancing-between-two-isp-options

Thanks and Regards,

Vibhor Amrodia

ahmed fahmy · ‎06-08-2015

Hi,

But even in 5500-x models, you cannot use two static routes with the same destination network(using BGP is not option)

Policy based NAT with 2 ISP connections