Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

CISCO ASA 5510 and  2 ISP's

Posted on 2013-11-26
3
Medium Priority
?
402 Views
Last Modified: 2013-12-01
Hi ALL

I have a Cisco 5510 with 2 DMZ interfaces and an outside & inside interface also. The outside interface is connected to our internet router interface, another interface is connected to our ISP.The ASA is configured to NAT translate IP addresses on the  DMZ to configured public addresses from our current ISP. We are due to migrate to a ISP with 6 times the bandwidth the second ISP is connected to another interface on the internet router.

The question I ask is would it be possible as part of a migration process to be able to configure  the ASA with the second ISP's public addresses also so that I can systematically move DMZ devices from the old ISP to the new ISP public addresses one at a time ???

Thanks
0
Comment
Question by:s1mwat
  • 2
3 Comments
 
LVL 18

Accepted Solution

by:
Garry Glendown earned 1500 total points
ID: 39680610
Configuring another external interface for the connection to the new ISP shouldn't be the problem, but routing most likely is ... as the ASA does not support "clean" PBR, it might be difficult to keep the devices reachable ... or rather, keep the answers going back out the right interface ... setting outgoing routes to one interface or the other will work, but for allowing remote access to DMZ devices you'd need to keep remote IPs reachable on either interface, depending on the target of the communication ...
0
 

Author Comment

by:s1mwat
ID: 39681155
Thanks, I presume also that I cannot place a secondary address on the outside interface so that the Internet router can deal with PBR ??
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 39681579
You don't need a secondary on the outside, you can just route the net through the ASA ... should work just fine ...
0

Featured Post

WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When posting a question about a Cisco ASA, Cisco Router or Cisco Switch, it can aid diagnosis if a suitably sanitised copy of the config is provided. It is much better to leave as much of the configuration as original as possible, as it could be tha…
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question