The ASA which I am using is a single context and I am not planning to go for virtual contexts, but your idea is good to go in this scenario.

On Wed, Nov 17, 2010 at 1:22 AM, Rogelio Gamino <[email protected]> wrote:

> Have you considered virtual firewalls on the ASA? Create one context for
> the existing setup and point the default gateway to the HSRP address between
> R1 and R2. Create a second context for the new requirement and point the
> default gateway to R3.
>
> I haven't done virtual contexts on ASAs, but if virtual contexts work the
> same way they do on the ACE then I think this might work. Each context can
> have its own default gateway.
>
> HTH
>
>
> On Nov 16, 2010, at 10:13 AM, A 1 wrote:
>
> Behind the ISP router I have a firewall but firewall does not support
> policy based routing.
>
>
>            ---------- router3 ( new isp )
> firewall   ---------- router2 ( old isp )
>            ---------- router1 ( old isp )
>
> router 1 and router 2 are running HSRP and have a default route from
> firewall for outgoing traffic for HSRP address. I can NAT for incoming
> traffic from router3 but for outgoing traffic ???
>
> Regards
> M
>
> On Tue, Nov 16, 2010 at 10:00 AM, --Hammer-- <[email protected]> wrote:
>
>> So we are only halfway there.
>>
>> This really depends on how radical you want to go. You could always fire
>> up a second network. Trunk it, dual NICs, etc. NAT it back at the edge
>> routers to a public address. I mean, there are several ways to do it but
>> there is an ugliness factor to contend with. How ugly do you want to make
>> it?
>>
>> --Hammer
>>
>> "I was a normal American nerd."
>> -Jack Herer
>>
>> *From:* A 1 [mailto:[email protected]]
>> *Sent:* Tuesday, November 16, 2010 8:56 AM
>> *To:* --Hammer--
>> *Cc:* [email protected]
>> *Subject:* Re: [OSL | CCIE_RS] DUAL homed
>>
>> I can apply the PBR for outgoing traffic the firewall ASA does not
>> support source based routing.
>>
>> Regards
>>
>> M
>>
>> On Tue, Nov 16, 2010 at 9:47 AM, --Hammer-- <[email protected]> wrote:
>>
>> Ok, I try not to speak up on technical stuff because there are far smarter
>> people on this thread than me but why can’t you do PBR on the routers for
>> this? This new application is going to have a unique IP address right? So
>> why can’t you write some route maps for the IP address of the application
>> and PBR it to the right circuit? Am I missing something?
>>
>> --Hammer
>>
>> "I was a normal American nerd."
>> -Jack Herer
>>
>> *From:* [email protected] [mailto:
>> [email protected]] *On Behalf Of *A 1
>> *Sent:* Monday, November 15, 2010 12:07 PM
>> *To:* [email protected]
>> *Subject:* Re: [OSL | CCIE_RS] DUAL homed
>>
>> On Mon, Nov 15, 2010 at 1:06 PM, A 1 <[email protected]> wrote:
>>
>> Hello,
>>
>> My apologies if I put this request in the wrong section.
>>
>> Can anyone help me out? I have two ISP routers (from the same company)
>> working as a primary and secondary (HSRP) and all our network outbound is
>> using this HSRP address. There is an ASA firewall behind these routers. I
>> have a requirement for a portal application having a couple of servers that
>> reside in the firewall DMZ and should pass through a new circuit (ISP), i.e. only
>> portal servers should use this new ISP circuit. How can I do that? One
>> solution that I was thinking of is to
>>
>> - enable static NAT (with the ISP provided IP with local IP at DMZ for all
>> servers)
>>
>> - source based routing
>>
>> but there is no policy based routing supported by ASA
>>
>> http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml#pbr
>>
>> My preference is not to use BGP
>>
>> Regards
>>
>> M
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
