Hi Kamran Using routes and NAT should solve the problem. Why do you need to change the security levels?
With regards Kings On Tue, Jul 13, 2010 at 9:13 PM, Kamran Shakil <[email protected]>wrote: > > Dear Experts, > > I have worked with 1 dmz + 1 inside + 1 outside many times... but now i > have a strange scenario, where i have > one ASA 5520 Firewall only and the situation demands are 2 outside + 1 dmz > + 1 inside ... > > Questions: > =========== > 1> i have only single context , is it possible and can i only play with > security levels to make it work ! > 2> on 2 outside interfaces i have ISP 1 and ISP2 connected respectively. > how can i use it differently > for different types of traffic , i think there is no route-map in asa > firewalls ? please provide clue/hint. > > 3> can i use mapping to same machine from both ISPs'... meaning if i have > IP 172.16.1.1 can i map it to > ISP1 POOL IP ADD <---> 172.16.1.1 and if this pool fails to > exisit or resolve then, > mapping changes to ISP2 POOL IP ADD <---> 172.16.1.1 > > THIS IS my 3rd question ? > > 4> IF I MAKE MY DMZ AND INSIDE INTERFACE WITH SAME SECURITY LEVEL ? do i > need to do NAT ? since overall NAT-CONTROL > is enabld and i dont wanna stop it due to NATing for regular users from > the inside going to OUTSIDE (ISP1) ??? > > > > waiting for reply, > > > regards, > > Kamran Shakil > ITA NDC Operations Engineer > Cisco - IT Advance Services Team > MidEast Data Systems LLC Oman > Cell: + 968 95804126 > Office: + 968 24576640 > > Confidentiality Warning: "This message and any attachments are intended > only for the use of the intended recipient(s), are confidential, and may be > privileged. If you are not the intended > recipient, you are hereby notified that any review, retransmission, > conversion to hard copy, copying, circulation or other use of all or any > portion of this message and any attachments is strictly > prohibited. If you are not the intended recipient, please notify the sender > immediately by return e-mail, and delete this message and any attachments > from your system." > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
