Have you considered virtual firewalls on the ASA? Create one context for the 
existing setup and point the default gateway to the HSRP address between R1 and 
R2. Create a second context for the new requirement and point the default 
gateway to R3. 

I haven't done virtual contexts on ASAs, but if virtual contexts work the same 
way they do on the ACE then I think this might work. Each context can have its 
own default gateway.

HTH


On Nov 16, 2010, at 10:13 AM, A 1 wrote:

> Behind the ISP router I have a firewall, but the firewall does not support 
> policy-based routing.
> 
> 
>            ---------- router3 ( new isp)
> firewall ---------- router2 ( old isp )
>            ---------- router1 ( old isp )
> 
> router 1 and router 2 are running HSRP and have a default route from firewall 
> for outgoing traffic for HSRP address. I can NAT for incoming traffic from 
> router3 but for outgoing traffic ???
> 
> Regards
> M
> 
> On Tue, Nov 16, 2010 at 10:00 AM, --Hammer-- <[email protected]> wrote:
> So we are only halfway there.
> 
>  
> This really depends on how radical you want to go. You could always fire up a 
> second network. Trunk it, dual NICs, etc. NAT it back at the edge routers to 
> a public address. I mean, there are several ways to do it but there is an 
> ugliness factor to contend with. How ugly do you want to make it?
> 
>  
>  
>  
> --Hammer
> 
>  
> "I was a normal American nerd."
> -Jack Herer
> 
>  
> From: A 1 [mailto:[email protected]] 
> Sent: Tuesday, November 16, 2010 8:56 AM
> To: --Hammer--
> Cc: [email protected]
> 
> 
> Subject: Re: [OSL | CCIE_RS] DUAL homed
> 
>  
>  I can apply the PBR for outgoing traffic the firewall ASA  does not support 
> source based routing.
> 
>  
> Regards
> 
> M
> 
> On Tue, Nov 16, 2010 at 9:47 AM, --Hammer-- <[email protected]> wrote:
> 
> Ok, I try not to speak up on technical stuff because there are far smarter 
> people on this thread than me but why can’t you do PBR on the routers for 
> this? This new application is going to have a unique IP address right? So why 
> can’t you write some route maps for the IP address of the application and PBR 
> it to the right circuit? Am I missing something?
> 
>  
>  
>  
> --Hammer
> 
>  
> "I was a normal American nerd."
> -Jack Herer
> 
>  
> From: [email protected] 
> [mailto:[email protected]] On Behalf Of A 1
> Sent: Monday, November 15, 2010 12:07 PM
> 
> 
> To: [email protected]
> 
> Subject: Re: [OSL | CCIE_RS] DUAL homed
> 
>  
>  
> On Mon, Nov 15, 2010 at 1:06 PM, A 1 <[email protected]> wrote:
> 
> Hello,
> 
>  
> My apologies if I put this request in the wrong section. 
> 
>  
> Can anyone help me out? I have two ISP routers (from the same company) 
> working as a primary and secondary (HSRP), and all our outbound network 
> traffic is using this HSRP address. There is an ASA firewall behind these 
> routers. I have a requirement that a portal application, with a couple of 
> servers that reside in the firewall DMZ, should pass through a new circuit 
> (ISP), i.e. only the portal servers should use this new ISP circuit. How can 
> I do that? One solution that I was thinking of is to 
> 
> - enable static NAT (with the ISP provided IP with local IP at DMZ for all 
> servers)
> 
> - source based routing 
> 
>  
> but there is no policy-based routing supported by the ASA
> 
> http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml#pbr
> 
>  
> My preference is not to use BGP
> 
> Regards
> 
> M
> 
>  
>  
> 
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please 
> visit www.ipexpert.com
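
A sketch of the two-context layout suggested in the top reply, added here as an illustration and not posted by anyone in the thread. Context names, interface numbers and all addresses (documentation ranges) are assumptions, and it assumes the portal servers sit on their own DMZ interface that can be allocated to the second context.

```cisco
! Added sketch, not from the thread. All names and addresses are assumed.
! --- System execution space ---
mode multiple
!
admin-context admin
context admin
 allocate-interface Management0/0
 config-url disk0:/admin.cfg
!
context existing
 description Current traffic, exits via the R1/R2 HSRP address
 allocate-interface GigabitEthernet0/0
 allocate-interface GigabitEthernet0/1
 config-url disk0:/existing.cfg
!
context portal
 description Portal servers, exit via R3 (new ISP)
 allocate-interface GigabitEthernet0/2
 allocate-interface GigabitEthernet0/3
 config-url disk0:/portal.cfg
!
! --- Inside context "existing" (changeto context existing) ---
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.10 255.255.255.0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0
! Default gateway is the HSRP virtual address shared by R1 and R2 (assumed .1)
route outside 0.0.0.0 0.0.0.0 192.0.2.1
!
! --- Inside context "portal" (changeto context portal) ---
interface GigabitEthernet0/2
 nameif outside
 security-level 0
 ip address 198.51.100.10 255.255.255.0
interface GigabitEthernet0/3
 nameif dmz
 security-level 50
 ip address 10.10.20.1 255.255.255.0
! Default gateway is R3 on the new ISP circuit (assumed .1)
route outside 0.0.0.0 0.0.0.0 198.51.100.1
```

Each context keeps its own routing table, which is what lets the two default routes coexist. Switching with `mode multiple` reloads the ASA, and the physical interfaces still have to be enabled in the system execution space.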
