So your CEO is a Teletubby?
Can't you split your current /24 into two separate /25 subnets?
That way you have two networks/VLANs which can be routed differently when going outside (I'm assuming the ASA can do this, not a lot of experience with them).
Apologies if this has been mentioned already, didn't read.
Btw, in your drawing the two Ethernet ports on the ASA in the 192.168.5.0 range could only be in that range if you split it into two networks. I don't think it can have two IPs in the same subnet. (Can someone confirm this?)
Edit:
Better yet, you only need one trunk link between the ASA and the switch.
The interface on the ASA can be subdivided into subinterfaces as two default gateways for the two networks, i.e. Ethernet0/1.10 and Ethernet0/1.20.
The main interface Ethernet0/1 is configured as a trunk and so is the switch interface towards the ASA.
You can pick the number but it's easy to pick the same one as your two separate VLAN numbers, like VLAN 10 and 20 for example.
I hope this makes sense, I've been drinking.
I suggest just googling this stuff with terms like InterVLAN routing ASA and just go from there. There are loads of good examples online from Cisco and other sources.
Sounds like a super tiny business. If that's the case, and you won't be slapped in the face for doing a hack job based on their hack requests...
Set the 4 shitty employees' default gateway to the slow connection, set the 2 owners' gateway to the good connection, and put 2 batch files on their desktop... One that sets the gateway to the fast connection and the other that sets the gateway to the slow connection.
Anyone in IT is gonna throw up in their mouth a bit, but all the owners are going to see is that you got the job done same day at no cost or downtime and they love the power of choosing their connection. They will switch it back and forth every time Facebook appears to load 2/10ths of a second slower than usual and just the act of 'doing' something will make it feel faster.
It's totally not worth the effort required to do this properly.
That's precisely what they want to be able to do, but there's no way to get that done without
a) Plugging AT&T's shit router with shit security directly into the LAN switch
b) Breaking their connection to the mail server (and any other database in the 192.168.5.0 /24 subnet)
The idea was to plug the AT&T router into the ASA for security, but don't know how to configure ethernet0/7 to configure VLAN 1 to route out to 2 different ports based on 2 diff IPs (one of which isn't even in the same fucking subnet and AT&T said the router must stay 192.168.1.254 no matter what). Cisco support said you can't even have VLAN traffic go out 2 different ports on the ASA 5505. I'm currently on the phone asking AT&T if we can put the router into the 192.168.5.x subnet ...
So given AT&T's insistence on router staying in 192.168.1.x, and executives' request, they want:
Default gateway 192.168.1.254 -> Ethernet 0/7
Default gateway 192.168.5.1 -> Ethernet 0/1
Except the office is all in 192.168.5.0/24. It's a fucking headache of a dumb request. I'd rather put TOR clients on their computers.
You're not actually using 192.168.1.0, are you?