Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
832
Views
0
Helpful
4
Replies

Route in ASA with two ISP

kathy-kat
Level 1
Level 1

‎11-23-2010 07:27 AM - edited ‎03-11-2019 12:13 PM

Hello!!

I am going to implement a new ASA 5520 in a network with two ISP, but I have a question with the route because with one provider the user can access to internet but with the second services provider the user have the e-mails, so this is the topology:

topologia propuesta.JPG

In the route i am thinking configure something like that:

ip route inside 172.17.0.0 255.255.0.0 ip_addreess_proxy_server

ip route inside 10.1.0.0 255.255.0.0 ip_address_proxy_server

ip route dmz 192.168.210.0 255.255.255.0 ip_address_sw_dmz

ip route outside mail ip_adress_router_dlci 311

ip route outside 0.0.0.0 0.0.0.0 ip_address_router_245

In the fourth line should be the path that tells me that everything that´s e-mail is sent by the router 311.

I do not know if a have to put something like that:

ip route outside 200.11.201.17 255.255.255.248 ip_address_router_245

Where the network 200.11.201.17 is the ip address that the ISP give to me for the e-mails, web site and others.

Any idea?

Labels:
0 Helpful
4 Replies 4

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎11-23-2010 08:15 AM

Hi Katherine,

You won't need the route:

ip route outside 200.11.201.17 255.255.255.248 ip_address_router_245

Because it's implied in the deafult route:

ip route outside 0.0.0.0 0.0.0.0 ip_address_router_245

Normally what you do is have a default route out one ISP and a route to the services needed on the other ISP:

On the ASA:

route outside 0 0 FIRST_ISP

route outside SERVICES_SECOND_ISP SECOND_ISP

Federico.

0 Helpful

kathy-kat
Level 1
Level 1
In response to Federico Coto Fajardo

‎11-23-2010 09:02 AM

Hello Federico,

Thanks for you answer, you are right but i am not explain very well, the route that i am thinking configure is that:

ip route outside 200.25.34.17 255.255.255.248 ip_address_router_311 and not ip route outside 200.25.34.17 255.255.255.248 ip_address_router_245

because the e-mail and web site go out by the router 311 and the internet navigation by the other router (245), so for that reason i need two routes

Kathy

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee

‎11-23-2010 09:12 AM

Hello Katherine...

I am a bit worried about this scenario, I dont want to ruin the party but... does the email server knows that the traffic is going to end on the interface with the DLCI 311? If the Mail server goes to the internet to reply back... it may get to the default gateway interface causing an Asymetric routing.

This is something to consider only... But the route statement is simple... just put the Server IP as destination network and the Router address  with DLCI 311 as next hop....

Think about the asymetric routing... This is something that you would like to avoid.

Cheers.

Mike

Mike
0 Helpful

jan.nielsen
Level 7
Level 7
In response to Maykol Rojas

‎11-23-2010 01:34 PM

Unless you have one specific mail server on the internet that all your mail will be sent to, this can't be done with an asa in single context. If you can, multi context will solve this, but you won't be able to do vpn, dynamic routing and multicast.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card