Cisco ASA5505 with Two Internet Connections

I am attempting to setup a new Cisco ASA5505 Firewall.

I have two DSL connections.  What I am trying to accomplish is have everyone on the network connecting through one DSL Connection and then have the second DSL used for my servers (email,web, etc).

Do I need the security plus bundle and DMZ capability?  Or can it be done without it?  I'm not looking for failover, just the ability to have both connections operational and have some port forwards through one DSL and other port forwards through DSL2.

I have setup my 0/0 interface with the first internet connection and have it operational.

I have tried setting up 0/1 as the second interface and then setting up Access Control and NAT rules on the second interface but I just can't figure it out.
Any help will be greatly appreciated.
truth_talkerAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
pgolding00Connect With a Mentor Commented:
all the above is correct, but this
http://www.packetu.com/2011/11/28/egress-interface-selection-on-the-cisco-asa/
might be useful. have not tested it myself, so cant guarantee that it works. and, as the article states, understand how arp behaves before trying to use this method. and note the comment towards the end about which link inbound traffic initiates on, because you are losing the ability to use tracking, sla and failure coverage of any form.

alternatively, put a router in front of the asa and connect the dsl links to that.
0
 
Marius GunnerudSenior Systems EngineerCommented:
yes you will need the security plus license to enable use of the 3rd VLAN.

for interface 0/1 are you trying to set that up for the LAN?  When you say you cant figure it out, could you please explane a little more of what is going wrong.

What version of ASA are you running?
0
 
lrmooreCommented:
You cannot use dual external connections for anything other than failover from one to the other. You cannot divide traffic like you want. The ASA is not capable of source-based routing which is required for your plan. We do this all the time on Cisco routers, but not on ASA.
Sorry to throw a monkey wrench in the plans..
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
Marius GunnerudSenior Systems EngineerCommented:
Ah of course, The ASA only supports one active default route at a time.  I forgot about that.
0
 
Jeff MorlenNetwork EngineerCommented:
I concur.
Only one route can be active at a time.
0
 
truth_talkerAuthor Commented:
Not sure how I did this or how I got it to work.  But I ended up enabling port 0/1 and blocking traffic to 0/1.  Then put two static routes in for the default gateways for both DSL connections.  I put a dynamic NAT on 0/0 and all the static NAT's/Access Rules on 0/1 and it's working.

May have an issue if I need to do static routes on 0/0, but shouldn't need that to my knowledge.
0
 
lrmooreCommented:
Sweet! Even us old dogs can learn new tricks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.