Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
769
Views
0
Helpful
4
Replies

8.3 IOS - Two Outside Interfaces - Configure NAT

yubago
Level 1
Level 1

‎06-18-2010 09:13 AM - edited ‎03-11-2019 11:01 AM

Hello,

I have two Internet circuits that I want to connect to the ASA. Prior to 8.2 I've been able to configure dynamic NAT for both interfaces and add two routes so that if one circuit went down outbound traffic would flow out of the second circuit. However with 8.3 I'm not sure how to do this.

Example Config

route outside 0.0.0.0 0.0.0.0 222.222.222.222 1 - This is ISP gateway 1 (outside)

route outside 0.0.0.0 0.0.0.0 111.111.111.111 2 - This is ISP gateway 2 (outside2)

object network ANY

subnet 0.0.0.0 0.0.0.0
nat (inside,outside) dynamic interface - This NATs outbound traffic to the interface "outside"

How would I be able to add a second NAT entry so that if the outside circuit fails outbound traffic will flow out outside2

Thanks!

Labels:
0 Helpful
4 Replies 4

yubago
Level 1
Level 1

‎06-18-2010 09:19 AM

Correction. I meant "Prior to IOS 8.3".

Thanks,

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee

‎06-18-2010 09:32 AM

Not too clear on the route statement as both routes are pointing to the outside interface.

Assuming that you have 2 interface, outside and outside2, configured "ip sla" with tracking to track the current outside interface and fail it to outside2 interface when outside interface is down, you can add the following dynamic nat for outside2 interface:

object network ANY2

     subnet 0.0.0.0 0.0.0.0

     nat (inside,outside2) dynamic interface

Hope that helps.

0 Helpful

yubago
Level 1
Level 1

‎06-18-2010 09:36 AM

Thanks for the response. Yes I did mean to have outside2 on the second route. Your recommendation makes sense I don't know why but I had it stuck in my head that I needed to have a single "ANY" network object.

I will try it out today and will write back to provide the results.

0 Helpful

yubago
Level 1
Level 1
In response to yubago

‎07-02-2010 10:45 AM

Hello,

I was able to get the solution working by putting in a route statement. I am however having another issue that I used to be able to support with the old IOS.

With the old IOS I could have two dynamic NAT statements, one for each interface, so that if one link failed, outbound traffic is sent out the second interface (and dynamically natted).

In the new IOS where you assign nat statements to network objects you can only have one NAT statement per object which in my mind means that we can't configure this the way we want to.

Is that accurate?

Thanks,

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card