Hi, Following scenario… We have a Cisco ASA firewall with ONE default static route to our external interface with a fast connection to the internet. Besides this we have another external interface which has also internet connection but over a different ISP and much slower. I have configured a Route-Map on an internal interface to route special traffic specially to this slower connection. Everything works fine. When I disable the external interface on the ASA with the slower internet connection, the traffic is automatically routed through the faster connection to the internet, which is also fine. BUT… when the interface with the slower connection stays up even there is no internet connection… the traffic is not routed automatically over the faster connection. I can configure over ASDM a “next hop verify availability” in the route-map under the tab “Policy Based Routing” (sequence number, ip address and tracking object id) but it doesn’t work and I guess I have to configure something else.   What do I have to configure additionally so that the special traffic is routed automatically to the faster connection when there is no internet connection on the slower interface?   If possible please explain the way over ASDM :-)   Thx!!!   Regards   Mike ... View more

Hi,   Is it possible to allow return traffic in on an ASA when the source ip address is from the same ip range like the server you want to contact? So… the ASA has an IP range on the external interface and all the clients get a specific ip address from this range with the help of PAT when they surf the internet for example. But is it possible to access a server which is in the DMZ with a public ip address in the same ip range the clients are? What do I have to configure on the ASA to allow return traffic in? Before you ask... it is not possible to access the server from inside.   Thanks in advance!   Regards,   Mike ... View more