cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
779
Views
0
Helpful
2
Replies

How to direct public IP traffic from one ASA to another?

PremierGold
Level 1
Level 1

I have a ASA 5505 and ASA 5508x. In reference to the attached diagram. I am looking to fail-over a Public IP B to ASA 5508x through ASA5505. The only reason for this configuration is the ASA5505 is with ISP A and with out paying a huge amount we can an additional IP address for a fraction of the cost. The ASA5508x is with ISP C.

Failover Diagram.PNG

How do I program the ASA5505 to forward all traffic that comes from Public IP B to ASA5508x?

2 Replies 2

Peter Koltl
Level 7
Level 7

The logic is like this:

nat (outside,asaic) source dynamic any4 obj-hideaddr destination static PUB-B PRIV-B unidirectional

 

Source Internet addresses must be hide-NATed otherwise return traffic would exit on PUB-C interface.

Destination address translation follows the usual static translation method.

 

asaic is the ASA interconnect link. Never use the 'failover' term for something that is not failover.


@Peter Koltl wrote:

The logic is like this:

nat (outside,asaic) source dynamic any4 obj-hideaddr destination static PUB-B PRIV-B unidirectional



Hey Peter thanks for the information! Got it interconnect not fail-over.

 

To clarify, in your logic example.

asaic = ASA5508x

 

obj-hideaddr = ? (what is this object suppose to be)

PUB-B = (is an object with the Public IP) x.x.x.C

PRIV-B = (is an object network for Private Net B) ie. 192.168.1.0

 

Regards,

Pierre

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: