Cisco ASA and Multiple ISPs

[mogulbumm]

I have an ASA5500 and want to set it up with 1-to-1 NAT and use two different ISPs.

My main question is routing.

How do I set up routing so that most traffic goes out ISP1 but traffic from one server goes out ISP2.

Example:

xxx.xxx.xxx.xxx is the ISP 1 Gateway
yyy.yyy.yyy.yyy is the ISP 2 Gateway

Currently, I have:
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
This is using a single ISP and it works for traffic. However I want a single IP 192.168.254.8 to route out yyy.yyy.yyy.yyy for all traffic (and have inbound rules using 1-to-1 go back to that server).

Is this possible?

 

[burtsbees]

Here's an example for an FTP server, which utilizes port 21...
router>en
router#conf t
router(config)#ip nat inside source static tcp 192.168.254.8 21 (outside interface, or yyy.yyy.yyy.yyy) 21

Is this what you need? Oh, man---just noticed you have an ASA...there is a PIX forum as well, where I believe you'll get better response...here

http://www.tek-tips.com/threadminder.cfm?pid=1117

Burt

 

[mogulbumm]

Thanks Burt,

That is the line to configure the server for static NAT, but I'm looking for a way to route the traffic from this single server out the proper WAN2 port while routing the remainder of the internal traffic out the WAN1 port.

Brett

 

[drae73]

You might be able to get away with this by doing a static for that specific server to the ISP2 interface. For instance as follows:


ISP1 ISP2
| |
| |
| |
----------
ASA
----------
|
|
|
Inside


config could be as such
nat (inside) 1 0 0
global (ISP1) 1 interface
static (inside,ISP2) x.x.x.x x.x.x.x.x

That should do it, but I'm not positive about the return routing. You may have to play with this one a little bit.

By design, the pix/asa platform does not do load balancing of any sort in current code. However it does do redundant links.

 

[ducati916]

hi ,

we have the same problem, do you have any solution about this problem.