Dear all,
I am looking for your support on the configuration below; please provide me with the correct solution. Actually, we have two internet connections: one is existing and the other is new, but the new link will be the main (active) one while the old one will be the standby (backup).
In the DMZ zone we have one application server; the DMZ needs to be configured on the firewall, and the server needs full access from outside through the internet. For more information, please see the attached network design.
Two ISPs on the Cisco ASA for redundancy:
========================================
* The new internet link has a new public IP, which should be connected to the FW.
The old and new links should both be on the firewall, but the new link will be the main (active) one while the old one will be the standby (backup).
!
interface eth0
! primary ISP link (NEW)
nameif outside
security-level 0
ip address X.X.X.2 255.255.255.252
!
interface eth1
! this is another ISP link (OLD)
nameif backup
security-level 0
ip address X.X.X.2 255.255.255.252
!
interface eth2
nameif inside
security-level 100
ip address X.X.X.249 255.255.252.0
!
* For the DMZ, we need a configuration for the DMZ server for application access from outside through the internet.
!
interface eth3
nameif DMZ
security-level 50
ip address X.X.X.200 255.255.255.0
!
global (outside) 1 interface
global (backup) 1 interface
nat (inside) 1 X.X.X.0 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 X.X.X.1 1 track 1
!
route backup 0.0.0.0 0.0.0.0 X.X.X.1 254
!
sla monitor 123
type echo protocol ipIcmpEcho 10.0.0.1 interface outside
num-packets 3
frequency 10
! (Configure a new monitoring process with ID 123; specify the monitoring
! protocol and the target network object whose availability the tracking
! process monitors.)
!
sla monitor schedule 123 life forever start-time now
!
track 1 rtr 123 reachability
!