PIX-515E Default routing and cryptos

Afternoon All,

I am having a problem setting up a PIX-515E which has three interfaces:

- inside (LAN)
- outside (1st ISP)
- outside_eclipse (2nd ISP)

As you can see from the attached config I have added both outside interfaces to the NAT pool, so static routing defines which traffic should be pumped out and natted to which interface. I have placed static routes for all the crypto peers to go out the outside interface.

When I change the default route to route outside_eclipse 0.0.0.0 0.0.0.0

Zub

Do a search in this newsgroup for the subject "ASA routing decision" posted on Oct 25th; you'll find your answer.

Basically you need to route all your peer internal subnets on your outside so they can hit the crypto-map. When you change the default gateway, the packets try to go out through the outside_eclipse interface so they never reach the crypto map.

Add

route outside_eclipse [peer internal ip subnet] [outside_eclipse gw]

then switch your default gateway and you should be fine

mcaissie
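
The behaviour described in the reply above (the route lookup picks the egress interface, and only traffic leaving the interface that carries the crypto map is encrypted) can be checked offline against a configuration. This is an added example, not part of the original thread: the configuration lines and addresses are constructed, the function names are hypothetical, and it assumes the crypto map is bound to `outside`.

```python
import ipaddress

# Constructed sample (documentation addresses); not taken from the thread.
SAMPLE_CONFIG = """\
route outside_eclipse 0.0.0.0 0.0.0.0 198.51.100.1 1
route outside 203.0.113.50 255.255.255.255 192.0.2.1 1
route outside 10.20.0.0 255.255.0.0 192.0.2.1 1
access-list vpn_a permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list vpn_b permit ip 10.1.0.0 255.255.0.0 10.30.0.0 255.255.0.0
crypto map vpnmap 10 match address vpn_a
crypto map vpnmap 20 match address vpn_b
crypto map vpnmap interface outside
"""

def parse(config):
    """Collect static routes, ACL destinations, crypto ACL names, crypto interface."""
    routes, acls, matched, crypto_if = [], {}, set(), None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["route"] and len(w) >= 5:
            routes.append((ipaddress.ip_network(f"{w[2]}/{w[3]}"), w[1]))
        elif w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"] and len(w) == 8:
            # Assumes the "src mask dst mask" form; host/any keywords are not handled.
            acls.setdefault(w[1], []).append(ipaddress.ip_network(f"{w[6]}/{w[7]}"))
        elif w[:2] == ["crypto", "map"] and len(w) == 5 and w[3] == "interface":
            crypto_if = w[4]
        elif w[:2] == ["crypto", "map"] and len(w) == 7 and w[4:6] == ["match", "address"]:
            matched.add(w[6])
    return routes, acls, matched, crypto_if

def egress(routes, dest):
    """Longest-prefix match over routes that cover the whole destination subnet."""
    hits = [(net.prefixlen, ifname) for net, ifname in routes if dest.subnet_of(net)]
    return max(hits)[1] if hits else None

def unprotected_subnets(config):
    """Return (remote subnet, egress interface) pairs that miss the crypto map."""
    routes, acls, matched, crypto_if = parse(config)
    return [(str(dest), out)
            for name in sorted(matched)
            for dest in acls.get(name, [])
            if (out := egress(routes, dest)) != crypto_if]

if __name__ == "__main__":
    for subnet, out in unprotected_subnets(SAMPLE_CONFIG):
        print(f"{subnet} leaves via {out}; it will never reach the crypto map")
```

In the constructed sample, the peer address and 10.20.0.0/16 are routed via `outside`, but 10.30.0.0/16 falls through to the default route on `outside_eclipse`, so that tunnel's traffic is flagged.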


That's what I was afraid of. Thanks for your advice.

Mark
