Dual ISP with Cisco ASA5510 - PBR

[Triple H]

i am using Cisco ASA5510 as i stated in my title. i have 2 Cisco ASA5510 whose interfaces are connected to switch and Cisco 2811 fastethernet also connect with it. here what i want is DMZ to Outside traffic should go through ISP1, after that the whole traffic from in to out take a primary route through ISP 2. so in-short i just want to configure PBR. but here i am not understand how can i do this. please if anyone has any idea about tihs than please provide me. this is bit new thing for me. first time i am going to do all this.

[Caelyn]

I do not know a trick to the ASA (PIX), a second default route and then teaching could also impose a policy. Unfortunately, the ASA is much more firewall as a router. The ASA can have multiple contexts, such a thing as virtual machines. Only then they would have different IP addresses. This shifts the problem of deciding which gateway the traffic must take before the ASA to the user. It would thus not solve the problem. On a (Cisco) routers would be quite possible, but the traffic would not only be sorted by port really after http / https. At least I understand that in your question as Web traffic. The keyword here is then PBR policy based routing.

[AmaF]

Think about times whether you're better off using a proxy server. A proxy server may be preferable to use a DSL line and in addition also filter unwanted websites and include virus scanners. Or the other way around: everything uses a DSL line. For VPN from outside the IP address of the second DSL line is used. With manual entries to route VPN traffic partners will also be placed on the second line. The email server is deflected by hand on the gateway of the second line. I admit this is not a nice solution but maybe it will help.

[Bjork]

Yes this is just because the ASA is now time no load balancer you could also halve the Internet:
route 128.0.0.0 128.0.0.0 1.1.1.2 ISP1
route 0.0.0.0 128.0.0.0 2.2.2.2 ISP2
But this again just not sorted by web traffic.

Cisco sells like other boxes, may turn out best redundant and does nothing to the revenue.

[shetty]

Today I looked briefly at the office site again and found the bookmark. The PIX / ASA Cisco FAQ says, among other things, the PBR on the ASA is not currently implemented. Maybe it's a trick yet. Except:

Code:

route ISP1 0 0 1.1.1.2 //Default route pointing to ISP1 
route ISP2 0 0 2.2.2.2 2 //Default route with Metric 2 via ISP2 
 
static (ISP2,inside) tcp 0.0.0.0 80 0.0.0.0 80 
static (ISP2,inside) tcp 0.0.0.0 443 0.0.0.0 443 
 
sysopt noproxyarp inside 
 
nat (inside) 1 0 0 
global (ISP1) 1 interface 
global (ISP2) 1 interface

I have not tried this trick.

[Triple H]

Really great. I'm going to try on the test box. I will post results. Did not know that you can specify the port in the routing. What it probably holds the IOS? Let's test.

[YPD]

Wow this is really helpful for me too. thank you so much for this help. i just test this and i get success in this.