Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
303
Views
0
Helpful
3
Replies

2 ip public (from 2 ISP) nat to 1 ip server private

ardhy.suarabaskara
Level 1
Level 1

‎04-26-2017 01:52 AM - edited ‎03-12-2019 02:16 AM

Dear All,

I need suggestion for configuration 2 ip public (from 2 ISP) nat to 1 ip server private on Cisco ASA.

Currently I have 1 ISP and I configure NAT Static IP Public (202.77.xxx.xx) --> 10.10.10.25 (IP Private Server).

My Company have plan to add new ISP, for example have ip public : 202.88.xxx.xx.

This server will registered on domain use 2 ip public.

My question is :

Is it possible I configure 2 ip public (from 2 ISP) nat to 1 ip server private ?

IP Public (202.77.xxx.xx) --> 10.10.10.25 (IP Private Server)

IP Public (202.88.xxx.xx) --> 10.10.10.25 (IP Private Server)

Whether, I configure nat static again for 202.88.xxx.xx to 10.10.10.25 ?

Please your suggestion.

Regards,

Ardhy

Labels:
0 Helpful
3 Replies 3

Ajay Saini
Level 7
Level 7

‎04-26-2017 06:28 AM

That is possible, with few additions to config. Since you have 2 ISPs, I would assume that ISP1 is primary ISP(default gateway pointing to it) and second ISP will be less preferred ISP.

Assuming that above is the case, we would need to add a less preferred route on ISP2 interface so that traffic when arrives inbound through ISP2 knows a way back out through same interfaces, hence not causing any asymmetric routing which ASA doesn't like much.

Things you would need:

- route on ISP2 , less preferred, something like

route ISP2 0 0 x.x.x.x 254

x.x.x.x - default gateway on ISP2

- static nat statement to map the inside server to a public ip address on ISP2

-access-list to allow traffic inbound from ISP2

Let me know if there are any questions

HTH

-AJ

0 Helpful

ardhy.suarabaskara
Level 1
Level 1
In response to Ajay Saini

‎04-26-2017 10:47 PM

Thanks Ajay for your suggestion,

Assume that is 2 ISP running Active - Active. So, I have to configure PBR (Policy Base Routing) to manage traffict, example : http (ISP 1) and https (ISP2).

And i understand you mean, and i have imagined to do like as you suggestion to me.

But i don't sure it's working.

Whether you ever do that, like as my case above ?

Because the Goal is if ISP 1 Down, then cover by ISP 2 and vice versa.

or Should be to buy other device to handle this case ?

Regards,

Ardhy

0 Helpful

Ajay Saini
Level 7
Level 7
In response to ardhy.suarabaskara

‎04-27-2017 05:24 AM

As long as routes across both ISP are active, it should work. Can you paste your running config(remove the public ip address info). Also, add the output of 'show route'

-

AJ

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card