CISCO Static Routing


We have CISCO ASA 3750 L3 Switch and we want to do load balancing across two Internet lines. The issue that I have is that we have 1-to-1 NATs for some of our devices on the network and I know that we cannot have them go out both Internet lines.

How can I create a static route to the firewall that has the NAT policies for those devices?

for example:

device needs its routes of last resort to go to

Thank you in advance

thomasm1948Author Commented:
Would something like this work and still allow the device to all of my other VLANs?

access-list 1 permit

route-map NatGwy permit 1
set up next-hop

ip policy route-map NatGwy

I am not sure, but I think policy-based routing might work. Any ideas?
thomasm1948Author Commented:
After reading, I think I might have to do this, but I am unsure:

access-list 1 deny ip host (new router gateway)
access-list 1 permit any (allowing the host to have access to the other VLANs)

 route-map NatGwy permit 1
 set up next-hop (original gateway with the NAT policies)

 ip policy route-map NatGwy

Still unsure though
Craig BeckCommented:
The ASA doesn't do PBR; only redundant links/routing.

The 3750 doesn't do NAT.

Either way, you probably won't get what you want unless you use a proper router upstream from the ASA on the outside.

thomasm1948Author Commented:

Sorry, used some wrong terminology. The 3750 is our core L3 switch in which currently the last resort route goes to

We got a new Internet line in and the school would like to load balance between them. The issue that I see is there are static NAT policies on their Pix firewall. If I do load balancing then those devices, such as a web portal, are not going to work correctly, being that the traffic could possibly go out the new Pix firewall.
Craig BeckCommented:
Ok, so load balancing is easy.  Just configure a second static route on the 3750 pointing to the new gateway and use the same metric.

You're right - static NAT will be a problem.  Where is your web portal?  Is it on your LAN but accessible from the internet?  If so, that's not going to work too well.  You will only be able to send that portal's traffic through one line at a time or it will break traffic, especially if it runs HTTPS.
thomasm1948Author Commented:
How can I route a single device through only one line and then have the rest do load balancing on the 3750?
thomasm1948Author Commented:
The web portal is on the LAN and is accessible for the teachers and students outside of the network.
Craig BeckCommented:

thomasm1948Author Commented:
Does the 3750 support that? If so, would my idea above work then?
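
The approach discussed in this thread, written out as an added example that is not part of the original posts: two equal-cost default routes on the L3 switch for load sharing, plus policy-based routing that pins the statically NATed host to the firewall holding its NAT entry. All addresses, the VLAN number and the ACL name are constructed placeholders, and the sketch assumes an IOS image and SDM template on the 3750 that support PBR.

```cisco
! Added example; every address, the VLAN number and the ACL name are constructed.
! Assumed: 10.0.0.1    = firewall holding the static (1-to-1) NAT entries
!          10.0.0.2    = firewall on the new Internet line
!          10.10.20.50 = web portal host, located in VLAN 20
!          10.0.0.0/8  = all internal VLANs
!
! PBR on the 3750 needs the routing SDM template (takes effect after a reload).
sdm prefer routing
ip routing
!
! Two default routes with the same metric: flows are shared across both firewalls.
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip route 0.0.0.0 0.0.0.0 10.0.0.2
!
! Extended ACL (a standard ACL cannot match on destination).
! The deny entry leaves traffic to the internal VLANs unmatched, so it is
! routed normally; only the portal's Internet-bound traffic is policy routed.
ip access-list extended NAT-HOSTS
 deny   ip host 10.10.20.50 10.0.0.0 0.255.255.255
 permit ip host 10.10.20.50 any
!
route-map NatGwy permit 10
 match ip address NAT-HOSTS
 set ip next-hop 10.0.0.1
!
! Apply on the interface where the portal's traffic enters the switch.
interface Vlan20
 ip policy route-map NatGwy
```

Pinning the host this way keeps its outbound replies on the same stateful firewall that translated the inbound connection, which is the failure the thread describes for HTTPS. How the platform handles deny entries in a PBR ACL should be checked against its PBR guidelines, since some Catalyst switches process them in software.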