09-09-2012 12:12 AM - edited 03-11-2019 04:51 PM
I have two ISP links. Currently the dmz and inside interfaces are using one ISP (route outside 0.0.0.0 0.0.0.0 "ISP1_IP"); I need to use one ISP for inside and the other ISP for dmz.
Appreciate your help.
Ali
09-09-2012 05:48 AM
Hi Ali,
Please elaborate more on what you want to achieve so that we can help you.
Also give us the model and IOS version of the ASA.
Regards,
Terence
09-09-2012 06:15 AM
ASA5510 Software Version 8.2(2)
We have one ISP (ISP1) outside connection (Business), and we need to add one for guest access. The guests will be routed to another ISP (ISP2) through the dmz. Please see the attached illustration diagram.
Thanks
Ali
09-10-2012 03:55 PM
Hi,
I am assuming ISP1 for Internal zone and ISP2 for DMZ.
Internal zone is allowed to access all protocols
access-list inside_access_in extended permit ip Internal-IP 255.255.255.0 any
Allow access from the Internet to the DMZ server
access-list outside1_access_in extended permit tcp any host DMZ-Server'sPublic-IP
PAT on the outside and DMZ interfaces for internal hosts
global (outside) 1 interface
global (dmz) 1 interface
nat (inside) 1 internal-IP netmask
Static NAT mapping for our DMZ server
static (dmz,outside1) DMZ-Server'sGlobal-IP DMZ-Server's-PrivateIP netmask 255.255.255.255
access-group outside1_access_in in interface outside1
access-group inside_access_in in interface inside
Default Routes
route outside 0.0.0.0 0.0.0.0 ISP1-Gateway 1
route outside1 0.0.0.0 0.0.0.0 ISP2-Gateway 2
Here, outside = ASA port that is connected to ISP1
outside1 = ASA port that is connected to ISP2
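Added example, not part of the thread or any poster's configuration: a small Python review script for a config written in the ASA 8.2 syntax used above. It flags any-source permit rules that carry no port restriction on the interface they are bound to, flags ACLs with no access-group, and lists the default routes in preference order (the lower trailing metric is preferred). The function name `audit` and all addresses in the sample are constructed placeholders.

```python
import re

# Constructed sample in the thread's syntax; addresses are documentation ranges.
SAMPLE = """\
access-list inside_access_in extended permit ip 192.168.1.0 255.255.255.0 any
access-list outside1_access_in extended permit tcp any host 203.0.113.10
access-list outside1_access_in extended permit tcp any host 203.0.113.11 eq 443
access-group outside1_access_in in interface outside1
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1
route outside1 0.0.0.0 0.0.0.0 203.0.113.1 2
"""

ACL = re.compile(r"^access-list (\S+) extended permit (\S+) (.+)$")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)$")
ROUTE = re.compile(r"^route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: (\d+))?$")
PORT_OPS = {"eq", "range", "lt", "gt", "neq"}  # ACL port operators


def audit(config):
    """Return (findings, default_routes) for an ASA 8.2-style config text."""
    acls, bound, routes, findings = {}, {}, [], []
    for line in map(str.strip, config.splitlines()):
        if m := ACL.match(line):
            acls.setdefault(m[1], []).append((m[2], m[3].split(), line))
        elif m := GROUP.match(line):
            bound[m[1]] = m[2]          # ACL name -> interface
        elif m := ROUTE.match(line):
            routes.append((int(m[3] or 1), m[1], m[2]))  # metric defaults to 1
    for name, rules in acls.items():
        iface = bound.get(name)
        if iface is None:
            findings.append(f"ACL {name} is not bound to any interface")
            continue
        for proto, rest, line in rules:
            if rest[0] != "any":
                continue                # only rules open to any source
            if proto == "ip" or not PORT_OPS & set(rest):
                findings.append(f"{iface}: any-source rule without port restriction: {line}")
    routes.sort()                       # lowest metric (preferred) first
    return findings, routes


if __name__ == "__main__":
    found, defaults = audit(SAMPLE)
    print("\n".join(found))
    for metric, iface, gw in defaults:
        print(f"default via {gw} on {iface}, metric {metric}")
```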