Requirement
If we are using public IP addresses provided by ISP1 and ISP2 and want both public links to be active at the same time, we can use traffic zones, which allow us to create two default routes.
Outbound traffic - Load balanced across the two ISPs. We should also configure tracking to identify failed routes.
Inbound traffic - The ASA returns the traffic through the same interface it arrived on.
Additional requirement - A secondary (additional) IP address on the public (dmz/inside) server.
Example.
Topology
R3 - Remote user
R1 - ISP1 router
R2 - ISP2 router
ASA - Customer-side ASA
R4 - Internal or DMZ public server with 2 IP addresses
Configuration required on the ASA
1. Traffic zones
Global configuration mode:
zone ISP
zone Internal
Interface configuration mode (on both ISP interfaces):
zone-member ISP
2. Routes
route outside1 0.0.0.0 0.0.0.0 192.168.3.2 1
route outside2 0.0.0.0 0.0.0.0 192.168.4.2 1
You may need to create tracking for the above routes.
3. NAT
NAT for the primary IP:
nat (inside1,outside1) source static inside1_192.168.100.100 public1_1.1.1.1
NAT for the secondary/additional IP through the secondary ISP:
nat (inside1,outside2) source static inside2_192.168.100.101 public2_2.2.2.2
nat (inside1,outside1) source dynamic inside1_192.168.100.100 interface
nat (inside1,outside2) source dynamic inside1_192.168.100.100 interface
PM me if you need any help.
Please note: An alternative option is to use policy-based routing on the ASA, so that if the IP address is the secondary one, we can set the next hop to the secondary IP.
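One way to add the route tracking mentioned in step 2, as an added example that is not part of the original post. The SLA monitor IDs, track IDs and timer values are assumptions; the interface names and next-hop addresses are the ones used above, and probing the next hop itself is also an assumption.

```cisco
! Added example, not from the original post.
! SLA/track IDs (1, 2) and the timers are assumed values.
!
! Probe each ISP next hop through its own interface.
sla monitor 1
 type echo protocol ipIcmpEcho 192.168.3.2 interface outside1
 num-packets 3
 timeout 1000
 frequency 5
sla monitor schedule 1 life forever start-time now
!
sla monitor 2
 type echo protocol ipIcmpEcho 192.168.4.2 interface outside2
 num-packets 3
 timeout 1000
 frequency 5
sla monitor schedule 2 life forever start-time now
!
! Bind one track object to each probe's reachability state.
track 1 rtr 1 reachability
track 2 rtr 2 reachability
!
! Replace the untracked default routes from step 2 with tracked ones.
no route outside1 0.0.0.0 0.0.0.0 192.168.3.2 1
no route outside2 0.0.0.0 0.0.0.0 192.168.4.2 1
route outside1 0.0.0.0 0.0.0.0 192.168.3.2 1 track 1
route outside2 0.0.0.0 0.0.0.0 192.168.4.2 1 track 2
```

Check the result with `show track` and `show route`: when a probe fails, only that ISP's default route is withdrawn and outbound traffic continues over the other link. Probing an address beyond the ISP router instead of the next hop also catches failures further upstream.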