Solved

CISCO ASA 5510 and  2 ISP's

Posted on 2013-11-26
3
395 Views
Last Modified: 2013-12-01
Hi ALL

I have a Cisco 5510 with 2 DMZ interfaces and an outside & inside interface also. The outside interface is connected to our internet router interface, another interface is connected to our ISP.The ASA is configured to NAT translate IP addresses on the  DMZ to configured public addresses from our current ISP. We are due to migrate to a ISP with 6 times the bandwidth the second ISP is connected to another interface on the internet router.

The question I ask is would it be possible as part of a migration process to be able to configure  the ASA with the second ISP's public addresses also so that I can systematically move DMZ devices from the old ISP to the new ISP public addresses one at a time ???

Thanks
0
Comment
Question by:s1mwat
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 18

Accepted Solution

by:
Garry Glendown earned 500 total points
ID: 39680610
Configuring another external interface for the connection to the new ISP shouldn't be the problem, but routing most likely is ... as the ASA does not support "clean" PBR, it might be difficult to keep the devices reachable ... or rather, keep the answers going back out the right interface ... setting outgoing routes to one interface or the other will work, but for allowing remote access to DMZ devices you'd need to keep remote IPs reachable on either interface, depending on the target of the communication ...
0
 

Author Comment

by:s1mwat
ID: 39681155
Thanks, I presume also that I cannot place a secondary address on the outside interface so that the Internet router can deal with PBR ??
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 39681579
You don't need a secondary on the outside, you can just route the net through the ASA ... should work just fine ...
0

Featured Post

Are You Ransomware's Next Victim?

Worried about ransomware attacks hitting your organization?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with WatchGuard Total Security!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
This article is a how to to configure a UCS Ethernet-uplink portchannel via the console. It is easy to do and can be done quite quickly. In certain versions of the UCS manager the portchannel has issues coming up and this is a workaround. I am…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question