Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1065
Views
5
Helpful
2
Replies

Cisco ASA 5505 - Dual WAN Loadbalancing / PBR / NAT Egress Interface Selection

PatrickB.
Level 1
Level 1

‎01-02-2015 06:03 AM - edited ‎03-05-2019 12:29 AM

Hi Guys,

I currently need to setup an ASA5505 with 2 WAN Connections.
One is with a dynamic IP, the other one is static.
I want it setup like that:

  • WAN-DYNAMIC = WAN with changing IP-Adress
  • WAN-STATIC = WAN with static IP
  • ASA 5505 = ASA
  • CLIENTx (192.168.1.101/24 -192.168.1.254/24)
  • EXCHANGE-Server (192.168.1.100/24)

 

CLIENTx      ->surfing, etc            |.>.>.>.>.>.>.>          |-> WAN-DYNAMIC
                                                      |ASA + NAT MAGIC |
EXCHANGE->MAIL and so on     |.>.>.>.>.>.>.>          |-> WAN-STATIC

 

I have already tried with different routing and NAT settings as well as some stuff from documentaries.
Like:
http://www.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_28093137.html
http://docwiki.cisco.com/wiki/Terminating_two_ISP%27s_on_ASA/PIX
http://www.experts-exchange.com/Security/Software_Firewalls/Cisco_PIX_Firewall/Q_28486879.html

 

Is there *any* way to solve this with an ASA 5505?

2 people had this problem
Labels:
0 Helpful
2 Replies 2

MOHAMMAD ALHAJ EID
Level 1
Level 1

‎01-03-2015 01:33 PM

As per my understanding you are looking for to load balance based on source IPs through  couple of WAN connections. I would advise you to add a router connected to this ASA, And connect both the ISP links into the router. Only One connection between the router and the ASA. Congifure the ASA to route all the traffic toward one outside interface connected to the router. In regards of the natting, Do an identity nat in the ASA so the router receive the routes withing the source NAT IPs.

 

Hence, Add an PBR based on the source IPs in the router toward the specific ISPs.

0 Helpful

PatrickB.
Level 1
Level 1
In response to MOHAMMAD ALHAJ EID

‎01-12-2015 06:10 AM

Hi Mohammad,

 

thank you for your answer.

You have the correct understanding but I am not willing to accept that solution.
I have read of a few solutions/bypasses that seem to have solved that problem somehow, I just couldn't reproduce the behaviour (because they were using an older ASA-Version).

 

Can anyone here tell me how I can configure my ASA 5505 (Version 9.2(3)) to use Policy Based Routing or a similiar behaviour?

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card