https://community.cisco.com/t5/network-security/static-natting/m-p/1135288#M893797 <HTML><HEAD></HEAD><BODY><P>Ray, are you configuring asa for backup isp?</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml</A></P><P></P><P>with above link you can try for inbound traffic through backup isp via (outside2) .</P><P></P><P>global (outside) 1 interface </P><P>global (outside2) 1 interface </P><P></P><P></P><P>route outside 0.0.0.0 0.0.0.0 <PRIMARY_ISP> 1 <TRACK 1=""> </TRACK></PRIMARY_ISP></P><P>route outside2 0.0.0.0 0.0.0.0 <SECONDARY_ISP> &lt;254&gt;</SECONDARY_ISP></P><P></P><P>sla monitor 123</P><P> type echo protocol ipIcmpEcho <IP_ADDRESS_TO_PING> interface outside</IP_ADDRESS_TO_PING></P><P> num-packets 3</P><P> frequency 10</P><P></P><P>sla monitor schedule 123 life forever start-time now</P><P></P><P>track 1 rtr 123 reachability</P><P></P><P></P><P>Then static NAT and inbound acl to allow traffic to both hosts</P><P></P><P></P><P>static (inside,outside) 1.1.1.2 192.168.10.2 netmask 255.255.255.255 </P><P>static (inside,outside2) 2.2.2.2 192.168.10.3 netmask 255.255.255.255 </P><P></P><P></P><P>access-list outside_access_in extended permit tcp any host 1.1.1.2 eq <TCP_PORT> log</TCP_PORT></P><P>access-group outside_access_in in interface outside</P><P></P><P>access-list outside2_access_in extended permit tcp any host 2.2.2.2 eq <TCP_PORT> log</TCP_PORT></P><P>access-group outside2_access_in in interface outside2</P><P></P><P></P><P></P><P>HTH</P><P>Jorge</P></BODY></HTML> Sat, 08 Nov 2008 17:31:08 GMT JORGE RODRIGUEZ 2008-11-08T17:31:08Z https://community.cisco.com/t5/network-security/static-natting/m-p/1135287#M893789 <P>Hi, We have two ISP links following:</P><P>1) 1.1.1.0/24-----Outside</P><P>2) 2.2.2.0/24-----Outside2</P><P>Internal Network : 192.168.10.0/24-Inside</P><P></P><P>Using commands for natting and patting i.e </P><P>nat (Inside) 1 192.168.10.0 255.255.255.0</P><P>global (outside) 1 interface</P><P></P><P>Now I want to use static natting and allot one static public IP from the range of Ist ISP Provider Pool 1.1.1.2---Map with----192.168.10.2</P><P>And second public IP wud use from the 2nd ISP Provider pool 2.2.2.2----map with---192.168.10.3</P><P></P><P>All Internal Traffic are going out from outside Interface that means first static IP will work but how its possible that the second static natting 2.2.2.2 traffic to be bypass from second outside link (Outside2). Please help.</P><P></P><P></P> Mon, 11 Mar 2019 14:10:20 GMT https://community.cisco.com/t5/network-security/static-natting/m-p/1135287#M893789 ray_stone 2019-03-11T14:10:20Z https://community.cisco.com/t5/network-security/static-natting/m-p/1135288#M893797 <HTML><HEAD></HEAD><BODY><P>Ray, are you configuring asa for backup isp?</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml</A></P><P></P><P>with above link you can try for inbound traffic through backup isp via (outside2) .</P><P></P><P>global (outside) 1 interface </P><P>global (outside2) 1 interface </P><P></P><P></P><P>route outside 0.0.0.0 0.0.0.0 <PRIMARY_ISP> 1 <TRACK 1=""> </TRACK></PRIMARY_ISP></P><P>route outside2 0.0.0.0 0.0.0.0 <SECONDARY_ISP> &lt;254&gt;</SECONDARY_ISP></P><P></P><P>sla monitor 123</P><P> type echo protocol ipIcmpEcho <IP_ADDRESS_TO_PING> interface outside</IP_ADDRESS_TO_PING></P><P> num-packets 3</P><P> frequency 10</P><P></P><P>sla monitor schedule 123 life forever start-time now</P><P></P><P>track 1 rtr 123 reachability</P><P></P><P></P><P>Then static NAT and inbound acl to allow traffic to both hosts</P><P></P><P></P><P>static (inside,outside) 1.1.1.2 192.168.10.2 netmask 255.255.255.255 </P><P>static (inside,outside2) 2.2.2.2 192.168.10.3 netmask 255.255.255.255 </P><P></P><P></P><P>access-list outside_access_in extended permit tcp any host 1.1.1.2 eq <TCP_PORT> log</TCP_PORT></P><P>access-group outside_access_in in interface outside</P><P></P><P>access-list outside2_access_in extended permit tcp any host 2.2.2.2 eq <TCP_PORT> log</TCP_PORT></P><P>access-group outside2_access_in in interface outside2</P><P></P><P></P><P></P><P>HTH</P><P>Jorge</P></BODY></HTML> Sat, 08 Nov 2008 17:31:08 GMT https://community.cisco.com/t5/network-security/static-natting/m-p/1135288#M893797 JORGE RODRIGUEZ 2008-11-08T17:31:08Z https://community.cisco.com/t5/network-security/static-natting/m-p/1135289#M893802 <HTML><HEAD></HEAD><BODY><P>Hi Jorge,</P><P></P><P>Thanks for your reply. Here I don't want to use ISP outside2 as a backup link, just want to know if i dont use nat and global commands and instead of that i use only static commands like follwoing: </P><P></P><P>static (inside,outside) 1.1.1.2 192.168.10.2 netmask 255.255.255.255 </P><P>static (inside,outside2) 2.2.2.2 192.168.10.3 netmask 255.255.255.255 </P><P></P><P>Will both Internal Servers be accessible from outside network from its own Public Address difined and can i access the internet from Servers as I believe that Nat and PAT are used only other machines which are not using static IP's and what would be the route commands in this case?</P><P></P><P>And what is a use of these commands: </P><P></P><P>sla monitor 123 </P><P>type echo protocol ipIcmpEcho <IP_ADDRESS_TO_PING> interface outside </IP_ADDRESS_TO_PING></P><P>num-packets 3 </P><P>frequency 10 </P><P></P><P>sla monitor schedule 123 life forever start-time now </P><P></P><P>track 1 rtr 123 reachability </P></BODY></HTML> Sun, 09 Nov 2008 04:17:11 GMT https://community.cisco.com/t5/network-security/static-natting/m-p/1135289#M893802 ray_stone 2008-11-09T04:17:11Z