<div>
It's not clear whether you are having a PBR problem, a failover problem, or an inability to test an incoming connection on the failover path with the default route directed to the primary provider.<br />
<br />
Can you be just a little more detailed with regard to the problem?<br />
<br />
(And, there should be a way to correct any of the three).
</div>


<div>
It's a little known fact that if you have two interfaces in 'Standby ISP' on an ASA, You can use the secondary interface for traffic that is sourced from OUTSIDE the ASA. <br />
<br />
This would seem to be exactly what you want? But it will only work with a static PAT (port forward) from the secondary interface, to an internal host.<br />
<br />
ie<br />
<br />
object network Internal_SSH_Server<br />
&nbsp;<br />
host 192.168.1.10<br />
&nbsp;<br />
nat (inside,secondary) static interface service tcp ssh ssh<br />
&nbsp;<br />
access-list inbound_secondary permit tcp any object Internal_SSH_Server eq SSH<br />
&nbsp;<br />
access-group inbound_secondary in interface secondary<br />
<br />
<br />
Pete
</div>


<div>
I would suggest going to 952-2, it supports PBR.
</div>


<div>
Been tasked with other things and can no longer work on this issue.
</div>


<div>
<div class="content wysiwyg-content">
ASA has 2 ISP connections. Primary and failover. I'm trying to NAT an IP on the failover connection for SSH traffic to an internal device on the LAN. <br />
<br />
I can never bring up the connection and I presume it is just routing it over the primary connection. I see that PBR is available on 9.4 but we're running 9.3 right now.<br />
<br />
Is there any workaround for this?<br />
<br />
Thanks!<br />
Jeremy
</div>
</div>


ASA has 2 ISP connections. Primary and failover. I'm trying to NAT an IP on the failover connection for SSH traffic to an internal device on the LAN. 

I can never bring up the connection and I presume it is just routing it over the primary connection. I see that PBR is available on 9.4 but we're running 9.3 right now.

Is there any workaround for this?

Thanks!
Jeremy

ASA PBR workaround

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.