thanks Tyson, As outgoing traffic is routed via firewall ASA and ASA does not support policy based routing..
On Tue, Nov 16, 2010 at 5:09 PM, Tyson Scott <[email protected]> wrote: > connect the new ISP to the active HSRP device. Policy route the traffic at > that point. Unless these are some seriously high speed bandwidth > interfaces, which I am assuming not since you are coming to us for support, > you should be fine having the two connections on one router. > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Managing Partner / Sr. Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *--Hammer-- > *Sent:* Tuesday, November 16, 2010 10:01 AM > *To:* 'A 1' > > *Cc:* [email protected] > *Subject:* Re: [OSL | CCIE_RS] DUAL homed > > > > So we are only halfway there. > > > > This really depends on how radical you want to go. You could always fire up > a second network. Trunk it, dual NICs, etc. NAT it back at the edge routers > to a public address. I mean, there are several ways to do it but there is an > ugliness factor to contend with. How ugly do you want to make it? > > > > > > > > --Hammer > > > > "I was a normal American nerd." > -Jack Herer > > > > *From:* A 1 [mailto:[email protected]] > *Sent:* Tuesday, November 16, 2010 8:56 AM > *To:* --Hammer-- > *Cc:* [email protected] > *Subject:* Re: [OSL | CCIE_RS] DUAL homed > > > > I can apply the PBR for outgoing traffic the firewall ASA does not > support source based routing. > > > > Regards > > M > > On Tue, Nov 16, 2010 at 9:47 AM, --Hammer-- <[email protected]> wrote: > > Ok, I try not to speak up on technical stuff because there are far smarter > people on this thread than me but why can’t you do PBR on the routers for > this? This new application is going to have a unique IP address right? So > why can’t you write some route maps for the IP address of the application > and PBR it to the right circuit? Am I missing something? > > > > > > > > --Hammer > > > > "I was a normal American nerd." > -Jack Herer > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *A 1 > *Sent:* Monday, November 15, 2010 12:07 PM > > > *To:* [email protected] > > *Subject:* Re: [OSL | CCIE_RS] DUAL homed > > > > > > On Mon, Nov 15, 2010 at 1:06 PM, A 1 <[email protected]> wrote: > > Hello, > > > > My apologies if I put this request in the wrong section. > > > > Can any one help me out .. I have two ISP routers( from the same company ) > working as a primary and secondary ( HSRP ) and all our network outbound is > using this HSRP address. There is an ASA firewall behind these routers. I > have a requirement for a portal applcation having couple of servers that > resides in firewall DMZ should pass through a new circuit ( ISP ) i.e only > portal servers should use this new ISP circuit. How can I do that.. one > solution that I was thinking to > > - enable static NAT (with the ISP provided IP with local IP at DMZ for all > servers) > > - source based routing > > > > but there is no policy base routing supported by ASA > > > http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml#pbr > > > > My preference is not to use BGP > > Regards > > M > > > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
