Solved

CISCO ASA 5510 and  2 ISP's

Posted on 2013-11-26
3
387 Views
Last Modified: 2013-12-01
Hi ALL

I have a Cisco 5510 with 2 DMZ interfaces and an outside & inside interface also. The outside interface is connected to our internet router interface, another interface is connected to our ISP.The ASA is configured to NAT translate IP addresses on the  DMZ to configured public addresses from our current ISP. We are due to migrate to a ISP with 6 times the bandwidth the second ISP is connected to another interface on the internet router.

The question I ask is would it be possible as part of a migration process to be able to configure  the ASA with the second ISP's public addresses also so that I can systematically move DMZ devices from the old ISP to the new ISP public addresses one at a time ???

Thanks
0
Comment
Question by:s1mwat
  • 2
3 Comments
 
LVL 17

Accepted Solution

by:
Garry-G earned 500 total points
ID: 39680610
Configuring another external interface for the connection to the new ISP shouldn't be the problem, but routing most likely is ... as the ASA does not support "clean" PBR, it might be difficult to keep the devices reachable ... or rather, keep the answers going back out the right interface ... setting outgoing routes to one interface or the other will work, but for allowing remote access to DMZ devices you'd need to keep remote IPs reachable on either interface, depending on the target of the communication ...
0
 

Author Comment

by:s1mwat
ID: 39681155
Thanks, I presume also that I cannot place a secondary address on the outside interface so that the Internet router can deal with PBR ??
0
 
LVL 17

Expert Comment

by:Garry-G
ID: 39681579
You don't need a secondary on the outside, you can just route the net through the ASA ... should work just fine ...
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

Do you have a computer or other electronic gear that is attached to a rat nest of cables, or alternatively have your cables all bundled nice at neat?  If so then read this post to sidstep common pitfalls. When I was a student at DeVry University,…
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now