08-31-2008 02:41 AM - edited 03-03-2019 11:20 PM
I have an ASA5510 that is configured with site-to-site VPN (4 sites), static and dynamic NAT.
I've configured a second WAN interface (outside2) to a new DSL circuit to split out traffic for: a) VPN and b) all other services.
I've enabled dynamic NAT on the new WAN, made it my default route and disabled dynamic NAT on the old WAN (outside1).
All the services on the new WAN circuit work fine.
BUT - my traffic is not routing properly now that the old WAN is not the default route.
Any ideas as to where I've gone wrong?
08-31-2008 04:12 AM
First of all, the ASA firewall is not like a router: it is not able to do PBR (policy-based routing) or load balancing on two WAN interfaces. However, you can make them work as primary and backup.
In your config, I think you need to do the following to make all the routes go through outside1; in case outside1 is down, the routes will go to outside2.
For example:
route outside1 0.0.0.0 0.0.0.0 [next hop ip or interface]
Then increase the route metric on the second default route to make the first one the preferred:
route outside2 0.0.0.0 0.0.0.0 [next hop ip or interface]
For more details, see the following link; it will be useful for your case.
Good luck.
Please rate if helpful.
08-31-2008 05:29 AM
I thought that this was a static route issue of some sort. Just need to point the VPN traffic onto the right interface.
Could OSPF help in this instance?
08-31-2008 05:47 AM
OK, OSPF will choose one path,
so no load balancing.
The same!!
08-31-2008 07:05 AM
Will purchasing Cisco ASA 5510 Security Plus license allow me to load balance?