
Welcome to Cisco Firewalls Community



How to direct public IP traffic from one ASA to another?

I have an ASA 5505 and an ASA 5508x. In reference to the attached diagram, I am looking to fail over Public IP B to the ASA 5508x through the ASA5505. The only reason for this configuration is that the ASA5505 is with ISP A and, without paying a huge amount, we can get an additional IP address for a fraction of the cost. The ASA5508x is with ISP C.

Failover Diagram.PNG

How do I program the ASA5505 to forward all traffic that comes from Public IP B to ASA5508x?


Re: How to direct public IP traffic from one ASA to another?

The logic is like this:

nat (outside,asaic) source dynamic any4 obj-hideaddr destination static PUB-B PRIV-B unidirectional

 

Source Internet addresses must be hide-NATed, otherwise return traffic would exit on the PUB-C interface.

Destination address translation follows the usual static translation method.

 

asaic is the ASA interconnect link. Never use the 'failover' term for something that is not failover.
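
The routing consequence described in the reply above, as an added Python example that is not part of the thread: it applies the twice-NAT rule on the ASA 5505 and then does the route lookup the ASA 5508x would do for the reply, with and without the source hide-NAT. All addresses, the 5508x routing table, and the choice of obj-hideaddr as an address on the interconnect subnet are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing (documentation ranges); none of it is from the thread.
CLIENT = "198.51.100.7"     # Internet client
PUB_B = "203.0.113.10"      # public IP B, delivered by ISP A to the ASA 5505
PRIV_B = "10.20.0.10"       # assumed real server address behind the ASA 5508x
HIDE_ADDR = "10.255.0.1"    # assumed obj-hideaddr: an address on the interconnect subnet

# Assumed ASA 5508x routing table: (prefix, egress interface).
ROUTES_5508 = [
    ("0.0.0.0/0", "outside (ISP C)"),
    ("10.255.0.0/30", "asaic"),
    ("10.20.0.0/24", "inside"),
]

def nat_5505(src, dst, hide_source):
    """Apply the twice-NAT rule on the 5505 to a packet arriving on outside."""
    if dst != PUB_B:
        return None                      # rule only matches destination PUB-B
    new_src = HIDE_ADDR if hide_source else src   # source dynamic any4 obj-hideaddr
    return new_src, PRIV_B               # destination static PUB-B PRIV-B

def egress_5508(dst):
    """Longest-prefix match for the reply's destination on the 5508x."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in ROUTES_5508
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_path(hide_source):
    """Return the interface the server's reply leaves the 5508x on."""
    src, _dst = nat_5505(CLIENT, PUB_B, hide_source)
    # The server answers to whatever source address it saw.
    return egress_5508(src)

if __name__ == "__main__":
    for hide in (True, False):
        print(f"source hide-NAT={hide}: reply exits 5508x via {reply_path(hide)}")
```

Without the hide-NAT the reply follows the 5508x default route toward ISP C, so it never passes back through the 5505 that holds the connection and translation state.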


Re: How to direct public IP traffic from one ASA to another?


@Peter Koltl wrote:

The logic is like this:

nat (outside,asaic) source dynamic any4 obj-hideaddr destination static PUB-B PRIV-B unidirectional



Hey Peter, thanks for the information! Got it: interconnect, not fail-over.

 

To clarify, in your logic example:

asaic = ASA5508x

 

obj-hideaddr = ? (what is this object supposed to be)

PUB-B = (is an object with the Public IP) x.x.x.C

PRIV-B = (is an object network for Private Net B) i.e. 192.168.1.0

 

Regards,

Pierre