accessing Single IP from two IP from outside

bapatsubodh · ‎03-18-2008

Hi,

We have ASA 5500 series configured to access mail server ip from outside by a single static command

snatic (inside,outside) IP_ADD1 , Mail_serverIP. with corresponding access list configured on outside interface.

Now we are having second ISP router that also terminates on the outside of ASA. ( in the same subnet, ASA outside R1, R2 ethernet are in the same subnet ).

ISP1 has a pool of say Pool1 , and IPS2 has given a pool2. Our current staic command is working fine with ISP pool1 ip address. so now qustion to us is how do we access the same mail server from ISP2 pool. As staic command do not allow same ip to be used for two different.

Accessing it viz DMZ port is not possible as it is used for some another purpose.

Any experience please share.

any trick to do this please share !

Thanks in advance.

JORGE RODRIGUEZ · ‎03-18-2008

Hi, I have not faced your scenario yet but have read some threads out there in this forum, here is one of them I kept it saved for future reference.. it may give you some help on your request/implementation.

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&CommCmd=MB?cmd=display_location&location=.2cbf9425

Jorge Rodriguez

jan.nielsen · ‎03-22-2008

Give your mail server a second ip address locally, and then nat your isp2 address to that. Remember though, you can only use this for redundancy not load-balancing, as there is no option for using two default routes on an asa. You will need to setup a track of the route via isp2 so the asa changes its default route if the primary link goes down.