Hello, I am trying to figure out the proper configuration for ISP failover on my ASA 5510. Here is my scenario: Currently our primary ISP link is being provided by a consortium for schools, so we have no public IP address on the outside interface of the ASA. The firewall is acting as a router, with no NAT function on that link. We wanted to create a failover link to our cable provider, which will give us a public IP on the second outside interface of the firewall, and I have it NATed to the inside interface. When I set up SLA and the first routed link fails, it fails over to the NATed link perfectly and I can see the NAT translations. When SLA fails over again to the primary link, the NAT translations are not removed and internet access breaks until I remove the NAT statements and clear xlate. If anybody has insight on this, or a possible workaround, your input will be greatly appreciated, as my head hurts from banging it into a wall.