11-06-2013 05:18 PM - edited 03-11-2019 08:01 PM
Hello,
I have a Cisco ASA 5510 running 8.2(5) firmware, "base" license and 1GB memory.
Currently we have a running/working network on 192.168.100.0 (Ethernet0/1) that uses comcast (Ethernet0/2) for the ISP.
There is also a T1 at the location that we would like to utilize for the VOIP phones. Is there a way to assign an available ASA port (Ethernet0/3) 192.168.123.1, and have anything on that port use the T1 for internet? I did assign port 3 192.168.123.1, and also set up DHCP on that interface, but when I plug in my laptop -- I do get internet (I created a dynamic NAT rule) but it's going out the comcast instead of the T1 interface.
How do I force outbound traffic on Ethernet0/3 to use Ethernet0/0 for internet? I'm thinking it has something to do with interface security level? I am unfamiliar with command line so if anyone knows how to accomplish this in ASDM that would help.
Here is what I have set up for the interfaces so far:
Ethernet0/0 (name = outside, security level = 1, IP address is public IP of T1)
Ethernet0/1 (name = inside, security level = 100, IP address is 192.168.100.1)
Ethernet0/2 (name = comcast, security level = 0, IP address is public IP of comcast)
Ethernet0/3 (name = VOIP, security level = 100, IP address is 192.168.123.1)
Any help is greatly appreciated!
11-06-2013 06:17 PM
Can you post your Dynamic NAT Config?
It sounds like you may have it going from (VOIP,comcast) and not (VOIP,outside).
11-06-2013 08:38 PM
Thanks John,
I wish I knew how to do that (or maybe I do?). I ran show run from the CLI and here are the only nat references I found:
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.100.0 255.255.255.0
nat (VOIP) 1 192.168.123.0 255.255.255.0
Is there a better way to get the info?
11-07-2013 01:04 AM
Wrong forum, post in security - firewalling. You can move your post using the actions panel on the right.
11-07-2013 03:58 AM
Type 'show run global'.
11-07-2013 12:54 PM
The ASA does not support PBR, so you cannot mark traffic to leave based on source, only based on destination; that is normally done by routing or NAT.
A. Unfortunately, there is no way to do policy-based routing on the ASA at this time. It can be a feature that is added to the ASA in the future.
Note: The route-map command is used to redistribute routes between routing protocols, such as OSPF and RIP, with the use of metrics and not to policy route regular traffic as in routers.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml
Please rate our assistance with marking the post as answered.
11-07-2013 12:57 PM
Hi,
With the very latest 8.4 and 9.x software levels you could utilize NAT to have one LAN use ISP1 and other LAN use ISP2.
It's not something that Cisco nor I really suggest but it works.
In your current software level you won't be able to implement it since it uses the older NAT configuration format.
- Jouni
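Added example (not from any poster in this thread and not Cisco code): a small Python script that pairs the 8.2-style nat lines quoted above with global lines by NAT ID, to list which (source,egress) pairs exist and whether the default route's interface is one of them, which is the (VOIP,comcast) versus (VOIP,outside) question raised earlier. The global and route lines in the sample are assumptions, since the thread never shows them; the function names are hypothetical.

```python
import re

# Constructed sample in ASA 8.2 syntax. The three nat lines are the ones quoted
# in the thread; the global and route lines are ASSUMED placeholders
# (203.0.113.1 is a documentation address), not taken from the poster's device.
SAMPLE = """\
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.100.0 255.255.255.0
nat (VOIP) 1 192.168.123.0 255.255.255.0
global (comcast) 1 interface
route comcast 0.0.0.0 0.0.0.0 203.0.113.1 1
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) ")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) ")
ROUTE_RE = re.compile(r"^route (\S+) 0\.0\.0\.0 0\.0\.0\.0 \S+(?: (\d+))?")

def nat_pairs(config):
    """Return sorted (source_if, egress_if, nat_id) tuples for dynamic NAT."""
    nats, pools = [], []
    for line in map(str.strip, config.splitlines()):
        m = NAT_RE.match(line)
        if m and m.group(2) != "0":      # nat 0 is NAT exemption, it has no global
            nats.append(m.groups())
        m = GLOBAL_RE.match(line)
        if m:
            pools.append(m.groups())
    return sorted({(src, egr, nid) for src, nid in nats
                   for egr, gid in pools if gid == nid})

def default_egress(config):
    """Interface named on the lowest-metric default route, or None."""
    best = None
    for line in map(str.strip, config.splitlines()):
        m = ROUTE_RE.match(line)
        if m:
            metric = int(m.group(2) or 1)
            if best is None or metric < best[0]:
                best = (metric, m.group(1))
    return best[1] if best else None

def missing_global(config, egress_if):
    """Source interfaces that have a dynamic nat rule but no global on egress_if."""
    paired = {src for src, egr, _ in nat_pairs(config) if egr == egress_if}
    every = {m.group(1) for l in config.splitlines()
             if (m := NAT_RE.match(l.strip())) and m.group(2) != "0"}
    return sorted(every - paired)

if __name__ == "__main__":
    print("pairs:", nat_pairs(SAMPLE))
    print("default route egress:", default_egress(SAMPLE))
    print("no global toward 'outside' for:", missing_global(SAMPLE, "outside"))
```

With the assumed sample, both inside and VOIP pair only with comcast, and the default route also points at comcast, which matches the behaviour described in the first post.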