Cisco ASA5505 with Two Internet Connections

I am attempting to setup a new Cisco ASA5505 Firewall.

I have two DSL connections.  What I am trying to accomplish is have everyone on the network connecting through one DSL Connection and then have the second DSL used for my servers (email,web, etc).

Do I need the security plus bundle and DMZ capability?  Or can it be done without it?  I'm not looking for failover, just the ability to have both connections operational and have some port forwards through one DSL and other port forwards through DSL2.

I have setup my 0/0 interface with the first internet connection and have it operational.

I have tried setting up 0/1 as the second interface and then setting up Access Control and NAT rules on the second interface but I just can't figure it out.
Any help will be greatly appreciated.
truth_talkerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Marius GunnerudSenior Systems EngineerCommented:
yes you will need the security plus license to enable use of the 3rd VLAN.

for interface 0/1 are you trying to set that up for the LAN?  When you say you cant figure it out, could you please explane a little more of what is going wrong.

What version of ASA are you running?
0
lrmooreCommented:
You cannot use dual external connections for anything other than failover from one to the other. You cannot divide traffic like you want. The ASA is not capable of source-based routing which is required for your plan. We do this all the time on Cisco routers, but not on ASA.
Sorry to throw a monkey wrench in the plans..
0
Marius GunnerudSenior Systems EngineerCommented:
Ah of course, The ASA only supports one active default route at a time.  I forgot about that.
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

Jeff MorlenNetwork EngineerCommented:
I concur.
Only one route can be active at a time.
0
pgolding00Commented:
all the above is correct, but this
http://www.packetu.com/2011/11/28/egress-interface-selection-on-the-cisco-asa/
might be useful. have not tested it myself, so cant guarantee that it works. and, as the article states, understand how arp behaves before trying to use this method. and note the comment towards the end about which link inbound traffic initiates on, because you are losing the ability to use tracking, sla and failure coverage of any form.

alternatively, put a router in front of the asa and connect the dsl links to that.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
truth_talkerAuthor Commented:
Not sure how I did this or how I got it to work.  But I ended up enabling port 0/1 and blocking traffic to 0/1.  Then put two static routes in for the default gateways for both DSL connections.  I put a dynamic NAT on 0/0 and all the static NAT's/Access Rules on 0/1 and it's working.

May have an issue if I need to do static routes on 0/0, but shouldn't need that to my knowledge.
0
lrmooreCommented:
Sweet! Even us old dogs can learn new tricks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.