Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1018
  • Last Modified:

Dual ISPs on Cisco ASA 5510

I am trying to set up two ISPs on a Cisco ASA 5510. I have it set up however I cannot get the second ISP to route traffic to my FTP server in the DMZ.
Setup:
interface0 - DMZ
interface1 - Internal Network
interface2 - ISP #1 Primary
interface3 - ISP #2 New

I  can route traffic from ISP 1 to DMZ however when I try to set-up access from ISP 2 to the DMZ it doesn't respond.

I want to allow fixed external users to route either over the first ISP to the ftp server in the DMZ or over the second ISP to the server in the DMZ

Is this possible?
0
txdolfan
Asked:
txdolfan
  • 2
1 Solution
 
LeDaoukCommented:
you have to add the IPS2 gateway to your dynamic NAT rule, and add a static route for ISP2 for outbound trafic but and for inbound trafic you have to add statitc nat rule
0
 
txdolfanAuthor Commented:
In my static routes I have the following:
Interface | IP Address | NetMask | Gatway IP | Metric
ISP1    0.0.0.0   0.0.0.0   74.7.100.81
inside 192.168.144.0 255.255.255.0  192.168.145.1

The ISP2 gateway is 65.36.78.1 My ISP2 IP is 65.36.78.4 -- Do I put a static route in for the 65.36.78.1 address?


In my DMZ NAT Rules i have translated External IPs pointing to the same IP of the FTP server.

I may be over my head.
0
 
LeDaoukCommented:
yeh create ISP2 0.0.0.0 0.0.0.0 65.36.78.1 with metric 2
and do not forget to add the 65.36.78.1 to the dynamic NAt rule, so you will have in the translated rule inside -> 2 outside
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now