
ASA 5510 ASDM 6.1 - multiple WAN interfaces

smithcolm
Level 1

Hi,

I am trying to enable a second WAN interface on our ASA.

The end goal is to move all internet traffic to the new connection, but first I want to test it working.

I have set up my computer as an object in the ASDM and the interface is configured correctly (same settings on a different router and that was working).

I set up a route with a lower metric (1 lower than the default route, which routes everything through the current main internet interface) to route traffic from my computer out through the new interface, but I am still connected on the old interface.

I duplicated some of the NAT rules (but I would have thought if these weren't working then I would have no internet connection anyway).

Any help would be greatly appreciated.

Thanks

C

5 Replies

smithcolm
Level 1

Hi,

I think I've traced the issue down to a NAT rule.

I added a dynamic NAT rule to NAT my traffic onto the second internet interface and then all internet goes down.

I take out that rule and all internet is up.

The second interface is showing its link as up but I can't confirm that it is actually up.

I might try adding a laptop at the other end or something and testing some pings to test for connectivity, unless anyone has any other ideas?

Cheers

Hi,

First try to check if your new internet link is working or not. Try giving your local system a public IP and then try to browse the internet. Do not forget to add the DNS server, or else you will not be able to surf.

If this test is fine, then just for testing try to host some server on the internet and check if the connectivity is through. I don't think you will be able to change your default route at the beginning; this has to be your last step, when you have migrated everything to your new set of IPs.

And just for the info, if you are hosting a website kind of stuff, then the end user will not understand then your traffic will go in an asymmetric way, which should be OK till the time you migrate.

Went to the effort of emulating the network in GNS3 and I was able to ping a virtual host on the outside network from inside.

---

Couldn't figure out why that worked, then I realised I had a flippin' typo in the original interface config on the router.

Corrected that.

I can now ping the ISP gateway but am still not able to browse the internet or even ping IPs on the internet.

Figure this is some sort of access rule or NAT thing I'm missing but can't see it.

Think this is actually a routing issue.

I think when I NAT my PC through the new ISP it works but routing isn't working.

I set up a route for my PC to route through the correct ISP gateway but it can't get past this IP, which makes me think that the route is incorrectly configured.

(Retested internet connection on a bog-standard router and have confirmed internet is indeed working.)

I think I am looking for policy based routing.

I am able to swap between routes but not able to run them simultaneously,

whereby I cannot have a computer connecting to 1 ISP/interface and another computer connecting to another ISP/interface.

Or am I wrong there?
