That would be expected behaviour with 2 default routes. The firewalls check for an active translation and use the one exists before creating a second. I expect the results would be somewhat confusing if you created a static statement for both isp's pointed to one internal address.
On 2011-08-04, at 6:08 PM, Jim Terry wrote: > Here is what I was told by the client as I was trying to sell him an ASA- > > he can open up one browser and do a whatismyip.com and knows that it is going > out ISP1. He can open up a second and do the same and gets an IP for ISP2. > There are without a doubt two ISPs for this client and no BGP. Each browser > session stays with the same ISP. > > I did do some research on this with SW and it seems legit. > > JT > > > > > On Thu, Aug 4, 2011 at 4:03 PM, Tyson Scott <[email protected]> wrote: > Jim, > > > > Are you saying it will make those sticky decisions based on protocol type > like Policy routing? ASA will do load balancing but not based on traffic > type. > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > Managing Partner / Sr. Instructor - IPexpert, Inc. > Mailto: [email protected] > Telephone: +1.810.326.1444, ext. 208 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE > (R&S, Voice, Security & Service Provider) certification(s) with training > locations throughout the United States, Europe, South Asia and Australia. Be > sure to visit our online communities at www.ipexpert.com/communities and our > public website at www.ipexpert.com > > > > From: [email protected] > [mailto:[email protected]] On Behalf Of Jim Terry > Sent: Thursday, August 04, 2011 5:13 PM > To: KERTESZ VIKTOR > Cc: [email protected] > > > Subject: Re: [OSL | CCIE_Security] Routing on FW two 2 ISP's > > > > > Hi all, > > > > I recently found out that Sonic Wall can do what you want. It has > 'stickiness' and will send one tcp session to ISP1 and the other tcp session > to ISP2. > > > > JT > > > > > > On Thu, Aug 4, 2011 at 8:18 AM, KERTESZ VIKTOR <[email protected]> wrote: > > If the only traffic You wish to realize on the LL is the POP3 email > retrieving, You could set a static route with tracking on the LL towards the > POP3 server. Unfortunately the ASA cannot do PBR neither handle two default > gateways. It’s a poor man’s redundant network access. Hmmm, it sounds strange > regarding ASA is not very cheap J So I agree with Steven: ASA is not a router. > > > > best regards, > > Viktor Kertesz > > system engineer > > > > Albacomp IT Co > > Hungary 8000 Szekesfehervar, Martirok utja 9. > > phone: 06-22/515-437 > > fax: 06-22/327-532 > > mobile: 06-20/492-3926 > > e-mail: [email protected] > > www.albacomp.com > > > > From: [email protected] > [mailto:[email protected]] On Behalf Of Todd Heide > Sent: Thursday, August 04, 2011 3:32 PM > To: 'Steven van Jaarsveld'; '[email protected]' > > > Subject: Re: [OSL | CCIE_Security] Routing on FW two 2 ISP's > > > > Something to remember about an ASA, it is not a router. What they are > looking to do should be done on a router using BGP. Since both lines run to > the same ISP, then a primary/backup solution should be done. On the leased > one router, you should have an Ethernet connection to the DSL, on that > interface you would use one public IP and tie it to a GRE tunnel back to the > ISP, run BGP over that link and over the LL, set BGP to prefer the LL with > the DSL as failover. When the LL fails, the IP’s on that line will > automatically swing over to the DSL. The company I work for does this for > the majority of our customers so they always have phones and internet. > > > > The ASA does have a failover setup called tracking, but, it wouldn’t let you > swing the IP to the other network, it only allows for internet backup, only a > router can do that. > > > > > > From: [email protected] > [mailto:[email protected]] On Behalf Of Steven van > Jaarsveld > Sent: Thursday, August 04, 2011 7:30 AM > To: [email protected] > Subject: Re: [OSL | CCIE_Security] Routing on FW two 2 ISP's > > > > Hi List > > > > I have a customer that has two links to a single ISP (one ADSL and the other > Leased Line) and he needs to connect these two routers to 2 interfaces on a > single ASA. These 2 links each have Public IP Addresses allocated to them and > both need to have the Default Route routed towards the routers. > > > > The customer wants to use the Leased Line link for sending and receiving POP3 > email (with the ADSL as backup for this) and then use the ADSL link for all > other traffic that exits or enters the organization. > > > > Any Ideas how to do this from the ASA5520? > > > > Regards > > Steven van Jaarsveld > > (CCNA; CCDA; CCNP; CCSP; CCIP; CCDP) > > Senior Network Engineer > > Systems Integration > Bytes Systems Integration > > > Tel (Switchboard): (+27) (11) 205-7000 | Direct: (+27) (11) 205-7882 > > Fax: (+27) (11) 205-7584 | Cell : (+27) 82-895-1212 > > Registration No: 1995/012031/07 > > Bytes Business Park, Block B, 241 Third Road, Halfway Gardens, Midrand > > P O Box 5905, Halfway House, 1685, Midrand > Web : www.btgroup.co.za | Press Office : www.itweb.co.za/office/bytes | > Licensing : www.purelicensing.co.za > > E-Mail Disclaimer: http://www.altron.co.za/email.asp or phone: (+27) (11) > 205-7000 > > <image001.png> > > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
