Solved: 2 ISP, 1 Router, 2 Severs.

jfalcon · ‎08-22-2016

Pardon any ignorance in the question. I have an ASA 5515-x at my work place and we just added a second ISP to one of the interfaces. We have two servers on the inside of our network and we would like each server to use one of the internet connections the ASA is connected to. Is there any way I can place one server to send all its content out one pipe and the other server through the other, without each interfering with the other. Any help would be appreciated. Thanks in advance.

Terence Payet · ‎08-23-2016

Hello,

I havent try the below before but i guess you can.

Try the below config:

Example 1

interface gi0/1

nameif ISP_1

security-level 0

ip address 1.1.1.1 255.255.255.252 (replace with your real ip)

interface gi0/2

nameif ISP_2

security-level 0

ip address 2.2.2.1 255.255.255.252 (replace with your real ip)

interface gi0/3

nameif INSIDE

security-level 100

ip address 192.168.1.1 255.255.255.0

object network SERVER_1

host 192.168.1.10

nat (INSIDE,ISP_1) dynamic interface

object network LAN_TO_INTERNET

subnet 192.168.1.0 255.255.255.0 => Note that server 2 will fall together with your inside address

nat (INSIDE, ISP_2) dynamic interface

Example 2 ( Server resides on DMZ ) Static PAT will be used

interface gi0/1

nameif ISP_1

security-level 0

ip address 1.1.1.1 255.255.255.252 (replace with your real ip)

interface gi0/2

nameif ISP_2

security-level 0

ip address 2.2.2.1 255.255.255.252 (replace with your real ip)

interface gi0/3

nameif INSIDE

security-level 100

ip address 192.168.1.1 255.255.255.0

interface gi0/4

nameif DMZ

security-level 100

ip address 192.168.20.1 255.255.255.0

object network SERVER_1

host 192.168.20.10

nat (INSIDE,ISP_1) static interface service tcp 80 80 (This will allow anything from and to port 80)

object network SERVER_1

host 192.168.20.20

nat (INSIDE,ISP_2) static interface service tcp 80 80

check http://www.tunnelsup.com/nat-for-cisco-asas-version-8-3 for more examples.

HTH.

Regards,

Terence

View solution in original post

Terence Payet · ‎08-23-2016

Hello,

I havent try the below before but i guess you can.

Try the below config:

Example 1

interface gi0/1

nameif ISP_1

security-level 0

ip address 1.1.1.1 255.255.255.252 (replace with your real ip)

interface gi0/2

nameif ISP_2

security-level 0

ip address 2.2.2.1 255.255.255.252 (replace with your real ip)

interface gi0/3

nameif INSIDE

security-level 100

ip address 192.168.1.1 255.255.255.0

object network SERVER_1

host 192.168.1.10

nat (INSIDE,ISP_1) dynamic interface

object network LAN_TO_INTERNET

subnet 192.168.1.0 255.255.255.0 => Note that server 2 will fall together with your inside address

nat (INSIDE, ISP_2) dynamic interface

Example 2 ( Server resides on DMZ ) Static PAT will be used

interface gi0/1

nameif ISP_1

security-level 0

ip address 1.1.1.1 255.255.255.252 (replace with your real ip)

interface gi0/2

nameif ISP_2

security-level 0

ip address 2.2.2.1 255.255.255.252 (replace with your real ip)

interface gi0/3

nameif INSIDE

security-level 100

ip address 192.168.1.1 255.255.255.0

interface gi0/4

nameif DMZ

security-level 100

ip address 192.168.20.1 255.255.255.0

object network SERVER_1

host 192.168.20.10

nat (INSIDE,ISP_1) static interface service tcp 80 80 (This will allow anything from and to port 80)

object network SERVER_1

host 192.168.20.20

nat (INSIDE,ISP_2) static interface service tcp 80 80

check http://www.tunnelsup.com/nat-for-cisco-asas-version-8-3 for more examples.

HTH.

Regards,

Terence

jfalcon · ‎08-23-2016

Very helpful, I contacted a cisco tech and he did just that. I had forgotten to place the second static route for the second ISP and he set my nat to work correctly. Thanks for the assistance.