PIX 8.0 Route through Different interface

Hello Experts,

I would like to change my current (route outside 0.0.0.0 0.0.0.0 64.64.64.230 1) outgoing internet traffic through different interface  (route dsl1 0.0.0.0 0.0.0.0 192.168.254.254 2)


route outside 0.0.0.0 0.0.0.0 64.64.64.230 1
route dsl1 0.0.0.0 0.0.0.0 192.168.254.254 2
route dsl2 0.0.0.0 0.0.0.0 172.16.17.254 3

i Tried unplugging the outside interface hoping internet traffic would go out the other interfaces but it did not. so maybe  i am  overlooking something. I thought that since they have 1, 2, 3, after each route it is supposed to go out other interfaces if it fails on the first one.
Please note i can only use  SSH to make changes no ASDM
Please provide exact step by step solution. my PiX knowledge is very limited
Running Config Attached
Thank you
Running-Config-temp.txt
icdl101Asked:
Who is Participating?
 
arnoldCommented:
Weight means the higher the number, the lower the preference. Note the used term is weight.
You should use interface versus IP when your DSL feed can drop as that will auto transition by removing the route from consider while the ip based roure will need to have tests to dynamically test a path and then update

route outside 0.0.0.0 0.0.0.0 outside_interface 1
route dsl1 0.0.0.0 0.0.0.0 dsl1_interface 2
route dsl2 0.0.0.0 0.0.0.0 dsl2_interface 3

This way when DSL1 drops, the second route will become invalid and will be removed.

There are other issues when using interfaces in routing rules.
If you use IPs, you have to use SLA type tests such as pinging a destination by way of a specific interface and on failure, you apply a rule to ...reduce its preference.....
0
 
arnoldCommented:
Look at the reference that applies to version iOS 9.x rather but they may have a similar for version 8.3 or potentially you could update yours to get ...

But the discussion covers what you are asking about which deals with converging access to the outside when there is an issue with a preferred path.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118962-configure-asa-00.html
0
 
WissamSenior Network EngineerCommented:
Have you tried to link ip slas on routes?

route outside 0.0.0.0 0.0.0.0 2.2.2.2 track 1
route Dsl2 0.0.0.0 0.0.0.0 3.3.3.3 20
sla monitor 10
type echo protocol ipIcmpEcho 8.8.8.8 interface outside
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability


You can do NAT in same way,  name the interfaces depending on what you use
0
 
icdl101Author Commented:
Thank you Guys,
The solutions has been  very helpful. Really appreciate your time and effort.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.