That would be expected behaviour with 2 default routes. The firewalls check for 
an active translation and use the one exists before creating a second. I expect 
the results would be somewhat confusing if you created a static statement for 
both isp's pointed to one internal address. 

 
On 2011-08-04, at 6:08 PM, Jim Terry wrote:

> Here is what I was told by the client as I was trying to sell him an ASA-
>  
> he can open up one browser and do a whatismyip.com and knows that it is going 
> out ISP1.  He can open up a second and do the same and gets an IP for ISP2.   
> There are without a doubt two ISPs for this client and no BGP.  Each browser 
> session stays with the same ISP.
>  
> I did do some research on this with SW and it seems legit.
>  
> JT
>  
> 
> 
>  
> On Thu, Aug 4, 2011 at 4:03 PM, Tyson Scott <[email protected]> wrote:
> Jim,
> 
>  
> 
> Are you saying it will make those sticky decisions based on protocol type 
> like Policy routing?  ASA will do load balancing but not based on traffic 
> type.
> 
>  
> 
> Regards,
> 
>  
> 
> Tyson Scott - CCIE #13513 R&S, Security, and SP
> Managing Partner / Sr. Instructor - IPexpert, Inc.
> Mailto: [email protected]
> Telephone: +1.810.326.1444, ext. 208
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
> 
>  
> 
> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, 
> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE 
> (R&S, Voice, Security & Service Provider) certification(s) with training 
> locations throughout the United States, Europe, South Asia and Australia. Be 
> sure to visit our online communities at www.ipexpert.com/communities and our 
> public website at www.ipexpert.com
> 
>  
> 
> From: [email protected] 
> [mailto:[email protected]] On Behalf Of Jim Terry
> Sent: Thursday, August 04, 2011 5:13 PM
> To: KERTESZ VIKTOR
> Cc: [email protected]
> 
> 
> Subject: Re: [OSL | CCIE_Security] Routing on FW two 2 ISP's
> 
> 
>  
> 
> Hi all,
> 
>  
> 
> I recently found out that Sonic Wall can do what you want.  It has 
> 'stickiness' and will send one tcp session to ISP1 and the other tcp session 
> to ISP2.
> 
>  
> 
> JT
> 
> 
> 
>  
> 
> On Thu, Aug 4, 2011 at 8:18 AM, KERTESZ VIKTOR <[email protected]> wrote:
> 
> If the only traffic You wish to realize on the LL is the POP3 email 
> retrieving, You could set a static route with tracking on the LL towards the 
> POP3 server. Unfortunately the ASA cannot do PBR neither handle two default 
> gateways. It’s a poor man’s redundant network access. Hmmm, it sounds strange 
> regarding ASA is not very cheap J So I agree with Steven: ASA is not a router.
> 
>  
> 
> best regards,
> 
> Viktor Kertesz
> 
> system engineer
> 
>  
> 
> Albacomp IT Co
> 
> Hungary 8000 Szekesfehervar, Martirok utja 9.
> 
> phone: 06-22/515-437
> 
> fax: 06-22/327-532
> 
> mobile: 06-20/492-3926
> 
> e-mail: [email protected]
> 
> www.albacomp.com
> 
>  
> 
> From: [email protected] 
> [mailto:[email protected]] On Behalf Of Todd Heide
> Sent: Thursday, August 04, 2011 3:32 PM
> To: 'Steven van Jaarsveld'; '[email protected]'
> 
> 
> Subject: Re: [OSL | CCIE_Security] Routing on FW two 2 ISP's
> 
>  
> 
> Something to remember about an ASA, it is not a router.  What they are 
> looking to do should be done on a router using BGP.   Since both lines run to 
> the same ISP, then a primary/backup solution should be done.  On the leased 
> one router, you should have an Ethernet connection to the DSL, on that 
> interface you would use one public IP and tie it to a GRE tunnel back to the 
> ISP, run BGP over that link and over the LL, set BGP to prefer the LL with 
> the DSL as failover.  When the LL fails, the IP’s on that line will 
> automatically swing over to the DSL.    The company I work for does this for 
> the majority of our customers so they always have phones and internet.
> 
>  
> 
> The ASA does have a failover setup called tracking, but, it wouldn’t let you 
> swing the IP to the other network, it only allows for internet backup, only a 
> router can do that.
> 
>  
> 
>  
> 
> From: [email protected] 
> [mailto:[email protected]] On Behalf Of Steven van 
> Jaarsveld
> Sent: Thursday, August 04, 2011 7:30 AM
> To: [email protected]
> Subject: Re: [OSL | CCIE_Security] Routing on FW two 2 ISP's
> 
>  
> 
> Hi List
> 
>  
> 
> I have a customer that has two links to a single ISP (one ADSL and the other 
> Leased Line) and he needs to connect these two routers to 2 interfaces on a 
> single ASA. These 2 links each have Public IP Addresses allocated to them and 
> both need to have the Default Route routed towards the routers.
> 
>  
> 
> The customer wants to use the Leased Line link for sending and receiving POP3 
>  email (with the ADSL as backup for this) and then use the ADSL link for all 
> other traffic that exits or enters the organization.
> 
>  
> 
> Any Ideas how to do this from the ASA5520?
> 
>  
> 
> Regards
> 
> Steven van Jaarsveld
> 
> (CCNA; CCDA; CCNP; CCSP; CCIP; CCDP)
> 
> Senior Network Engineer
> 
> Systems Integration
> Bytes Systems Integration
> 
> 
> Tel (Switchboard): (+27) (11) 205-7000   |   Direct: (+27) (11) 205-7882
> 
> Fax: (+27) (11) 205-7584    |   Cell : (+27) 82-895-1212
> 
> Registration No: 1995/012031/07
> 
> Bytes Business Park, Block B, 241 Third Road, Halfway Gardens, Midrand
> 
> P O Box 5905, Halfway House, 1685, Midrand
> Web  : www.btgroup.co.za  |  Press Office : www.itweb.co.za/office/bytes   |  
>  Licensing : www.purelicensing.co.za
> 
> E-Mail Disclaimer: http://www.altron.co.za/email.asp or phone: (+27) (11) 
> 205-7000
> 
> <image001.png>
> 
>  
> 
> 
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please 
> visit www.ipexpert.com
> 
> Are you a CCNP or CCIE and looking for a job? Check out 
> www.PlatinumPlacement.com
> 
>  
> 
> 
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please 
> visit www.ipexpert.com
> 
> Are you a CCNP or CCIE and looking for a job? Check out 
> www.PlatinumPlacement.com

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Reply via email to