02-17-2017 11:32 PM - edited 03-05-2019 08:03 AM
Hi there,
We have ASA 5540 that must route two ISPs with different NATed addresses for each ISP.
ISP selection is based on source IP addresses. I can use a router for the purpose of choosing outside. but I don't know why only one outgoing line is active! I think that routing to router does not function properly but I don't know why?!
(Rational Topology is attached)
I will appreciate if someone can help me or recommend an other solution for this problem.
Sincerely
02-18-2017 12:28 AM
In your situation I would do the NAT on the router and not on the ASA. That is the "logical" NAT-point where you change from private to public addressing.
02-18-2017 12:48 AM
Dear Karsten,
Thanks for your reply,
Before extending to second ISP, we have a lot of NAT and ACL rules that I prefer not to migrate to router (Before second ISP being raised up, Router has not been used and now I think that it should be applied for doing such routing).
Thanks
02-18-2017 01:45 AM
Then: do you really need that router? If the ISPs connect through Ethernet, then you could eliminate that router completely and connect directly to the ISP-equipment on the ASA.
02-18-2017 02:43 AM
can you explain more, please...
While I testing such condition, all traffic goes from one ISP out.
(1- proxy arp must be disabled for both inside & outside interfaces or not?
2- Can I do with ASA's routemap only?)
Regards
02-18-2017 03:01 AM
for my last answer I imagined to late that you are running a legacy ASA which can not do Policy-Based-Routing (PBR). With that you really have to use the router for PBR.
How is PBR configured on the router to send traffic out of the right ISP?
02-18-2017 04:35 AM
02-18-2017 04:35 AM
please remove the config and replace it with one that doesn't has passwords in it ...
02-18-2017 04:50 AM
Not important. IPs are not real addresses. BTW, I do it.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: