PIX 8.0 Route through Different interface

Hello Experts,

I would like to change my current (route outside 0.0.0.0 0.0.0.0 64.64.64.230 1) outgoing internet traffic through different interface  (route dsl1 0.0.0.0 0.0.0.0 192.168.254.254 2)


route outside 0.0.0.0 0.0.0.0 64.64.64.230 1
route dsl1 0.0.0.0 0.0.0.0 192.168.254.254 2
route dsl2 0.0.0.0 0.0.0.0 172.16.17.254 3

i Tried unplugging the outside interface hoping internet traffic would go out the other interfaces but it did not. so maybe  i am  overlooking something. I thought that since they have 1, 2, 3, after each route it is supposed to go out other interfaces if it fails on the first one.
Please note i can only use  SSH to make changes no ASDM
Please provide exact step by step solution. my PiX knowledge is very limited
Running Config Attached
Thank you
Running-Config-temp.txt
icdl101Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

arnoldCommented:
Weight means the higher the number, the lower the preference. Note the used term is weight.
You should use interface versus IP when your DSL feed can drop as that will auto transition by removing the route from consider while the ip based roure will need to have tests to dynamically test a path and then update

route outside 0.0.0.0 0.0.0.0 outside_interface 1
route dsl1 0.0.0.0 0.0.0.0 dsl1_interface 2
route dsl2 0.0.0.0 0.0.0.0 dsl2_interface 3

This way when DSL1 drops, the second route will become invalid and will be removed.

There are other issues when using interfaces in routing rules.
If you use IPs, you have to use SLA type tests such as pinging a destination by way of a specific interface and on failure, you apply a rule to ...reduce its preference.....
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
arnoldCommented:
Look at the reference that applies to version iOS 9.x rather but they may have a similar for version 8.3 or potentially you could update yours to get ...

But the discussion covers what you are asking about which deals with converging access to the outside when there is an issue with a preferred path.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118962-configure-asa-00.html
0
WissamSenior Network EngineerCommented:
Have you tried to link ip slas on routes?

route outside 0.0.0.0 0.0.0.0 2.2.2.2 track 1
route Dsl2 0.0.0.0 0.0.0.0 3.3.3.3 20
sla monitor 10
type echo protocol ipIcmpEcho 8.8.8.8 interface outside
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability


You can do NAT in same way,  name the interfaces depending on what you use
0
icdl101Author Commented:
Thank you Guys,
The solutions has been  very helpful. Really appreciate your time and effort.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.