Showing results for 
Search instead for 
Did you mean: 


Two ISPs, one ASA 5510... two LANs?


I have a Cisco ASA 5510 running 8.2(5) firmware, "base" license and 1GB memory.

Currently we have a running/working network on (Ethernet0/1) that uses comcast (Ethernet0/2) for the ISP.

There is also a T1 at the location that we would like to utilize for the VOIP phones. Is there a way to assign an available ASA port (Ethernet0/3), and have anything on that port use the T1 for internet? I did assign port 3, and also set up DHCP on that interface, but when I plug in my laptop -- I do get internet (I created a dynamic NAT rule) but it's going out the comcast isntead of the T1 interface.

How do I force outbound traffic on Ethernet0/3 to use Ethernet0/0 for internet? I'm thinking it has something to do with interface security level? I an unfamiliar with command line so if anyone knows how to accomplish this in ASDM that would hlep.

Here is what I have set up for the interfaces so far:

Ethernet0/0 (name = outside, security level = 1, IP address is public IP of T1)

Ethernet0/1 (name = inside, security level = 100, IP address is

Ethernet0/2 (name = comcast, security level = 0, IP address is public IP of comcast)

Ethernet0/3 (name = VOIP, security level = 100, IP address is

Any help is greatly appreciated!

Rising star

Can you post your Dynamic NAT Config?

It sounds like, you may have it going from, (VOIP,comcast) and not (VOIP,outside)

Thanks John,

I wish I knew how to do that (or maybe I do?). I ran show run from the CLI and here are the only nat references I found:

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1

nat (VOIP) 1

Is there a better way to get the info?

paolo bevilacqua
Hall of Fame Master

Wrong forum, post in security - firewalling. You can move you post using the actions panel on the right.

Type 'show run global' .

The ASA does not support PBR so you cannot mark traffic to leave based on source only based on destination that is normally done by routing or NAT.

Q.   Can Cisco 5500 Series ASA do a Policy Based Routing (PBR) like Cisco   Router? For example, mail traffic should be routed to first ISP while http   traffic should be routed to the second one.

A. Unfortunately, there is no way to do policy-based routing on the ASA at       this time. It can be a feature that is added to the ASA in the future.

Note: The route-map command is used to redistribute routes between routing protocols, such as OSPF           and RIP, with the use of metrics and not to policy route regular traffic as in           routers.

Please rate our assistance with marking the post as answered.

Value our effort and rate the assistance!
Jouni Forss


With the very latest 8.4 and 9.x software levels you could utilize NAT to have one LAN use ISP1 and other LAN use ISP2.

Its not something that Cisco nor I really suggest but it works.

In your current software level you wont able to implement it since it uses the older NAT configuration format.

- Jouni

Content for Community-Ad