Steve,

You could keep your ASA and use it for all the stuff it does well. Put your 2500 or a 2600 or something right in front of it and set up your route maps as before.

The ASA is a great security device. If you have a crusty old Cisco router (or anything else for that matter) that can handle your route map needs then keep it in place to do that job. Be sure to turn on CEF if it's available to you.

Ryan

On Mon, 2006-05-15 at 16:19 -0400, Steve Hoffman wrote:
> Can anyone suggest a decent router, that can also be used as a firewall with
> NAT? I was able to set a Cisco 2500 series router to route between two
> incoming connections by using route-maps. I've recently purchased a Cisco
> ASA 5510 to add a little more protection and was assured at the time of
> purchase it could do what I needed... well, now I see that it cannot. If I
> have to purchase a second one I will, but I'd rather have a good router that
> can route between more than one inbound provider and restrict access to our
> public interfaces.
>
> Here's what I want...
>
> All addresses are private IPs on the internal network (10.0.0.0/24)
>
> A total of two incoming internet connections with three separate IP ranges
> (2 /29's and 1 /28)
>
> I'd prefer that all traffic go out via one default IP address UNLESS a NAT
> rule is set up to translate to one of the 24 available IP addresses, at which
> point the packet should go to the default gateway for that network....
>
> I can't imagine I'm the first person to want this, but I guess I'm the first
> to want to do it with an ASA? On the surface the ASA can do everything
> EXCEPT specify the next hop for an external internet connection. It only
> allows for one default route and doesn't allow for a "set default next-hop
> xxx.xxx.xxx.xxx" as a router does... which shoots my whole plan to shit.
> I've considered using RIP or OSPF, but unfortunately one of our internet
> connections is a RR business class (hey... it's got great download speed)
> connection that I can't alter the routing info so that's out.
>
> As always, your words of wisdom are welcome.
>
> Thanks,
> Steve

--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
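
A sketch of the router-in-front-of-the-ASA layout discussed in this thread, added here as an example and not taken from either poster's configuration. All addresses (RFC 5737 documentation ranges), interface names, the ACL number and the route-map name are constructed, and it assumes both providers route their public ranges to this router and that the ASA has already translated inside hosts to those public addresses.

```cisco
! Enable CEF only if this platform and IOS image support it.
ip cef
!
interface Ethernet0
 description Toward the ASA outside interface (transit link, constructed)
 ip address 10.255.255.1 255.255.255.252
 ! Policy routing is applied to packets arriving from the ASA.
 ip policy route-map SOURCE-TO-ISP
!
interface Serial0
 description Provider A, the default path (constructed link addressing)
 ip address 203.0.113.2 255.255.255.252
!
interface Serial1
 description Provider B (constructed link addressing)
 ip address 203.0.113.6 255.255.255.252
!
! Anything the route-map does not match follows the normal routing table,
! so by default all traffic leaves via provider A.
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! Return traffic for the public NAT ranges is handed back to the ASA.
ip route 192.0.2.0 255.255.255.248 10.255.255.2
ip route 198.51.100.0 255.255.255.240 10.255.255.2
!
! Packets whose source the ASA translated into provider B's /28.
access-list 110 permit ip 198.51.100.0 0.0.0.15 any
!
! Send those packets to provider B's gateway instead of the default route.
route-map SOURCE-TO-ISP permit 10
 match ip address 110
 set ip next-hop 203.0.113.5
!
! Verify after applying:
!   show ip policy
!   show route-map SOURCE-TO-ISP
```

The match counters in `show route-map` increase only for packets sourced from the provider B range, which confirms that untranslated and provider A traffic still takes the default route.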
