Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
351
Views
0
Helpful
1
Replies

Asa route to different interface

dan.letkeman
Level 4
Level 4

‎01-14-2014 08:39 AM - edited ‎03-04-2019 10:04 PM

Hello,

I currently have a very simple setup.  ASA 5520 advertizing a default route to a 4507 switch and one internet connection for all devices.  The asa does the firewalling and NAT.

What I want to do is add a second internet connection to the asa and route, not NAT some of the users to that interface.  This second connection will be a layer 2 network to our isp which is hosting a virtual firewall for us.  So we want all of our internal ip's to hit the private side of this virtual firewall.

That said i want to keep our existing internet connection and all of the current NAT setup on the ASA.

What would be the best way to accomplish this, as I see that the ASA does not support PBR.

Thanks,

Dan.

Labels:
0 Helpful
1 Reply 1

Vasilii Mikhailovskii
Level 7
Level 7

‎01-15-2014 01:10 AM

Hello, Dan.

Not clear what is desired configuration for this second link and do you need any Internet access failover between interfaces, but:

- you could create additional context on ASA and configure it for second link;

- in this case you will loose dinamic routing (not compatible with contexts);

- you won't be able to run one context in routing mode and another in transparent (if you thought about it);

- PBR should be done before traffic reaches ASA (on switch/router).

Do you have any diagram describing current configuration (almost clear) and configuration for second link (including IP-addresses, NAT and routing if present).

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card