Re: ASA 5510 service based

0rsnaric · ‎04-04-2012

Is there a way to NAT based on availability of a protocol? Put another way can the ASA have a NAT entry for a web server that includes a primary inside address, and a secondary inside address to use in case the primary isn't responding?

I know this is the realm of load balancers, but I have a special situation with limited resources.

Thanks!

Rick

srirmoha · ‎04-06-2012

Hi Rick,

For this situation I guess you would need to add NAT and ACL statements for both the Primary and secondary IP's.

Whenever the Primary IP fails and the server fallback to secondary then, the ASA would start using the second nat statement for the request coming in for your secondary IP.

Now I understand you would have only one public ip for both the primary and secondary private ip, is that so???

srirmoha · ‎04-06-2012

Also wats the code that you using on the ASA.

Amit Rai · ‎04-06-2012

this is not possible

you can not statically map a public to 2 different private IP's to the same public IP on the same port

either you do port forwarding for 2 differant IP's on 2 differant ports like below

stat (in,out) tcp 2.2.2.2 80 1.1.1.1 80

stat (in,out) tcp 2.2.2.2 443 1.1.1.2 443

but that does not solve you problem

so basically what you are trying to achive is not possible.

sean_evershed · ‎04-06-2012

Hi,

I know this is a load balancing solution but do you manage the DNS Server for the web server? If so you could implement DNS round-robin:

http://en.wikipedia.org/wiki/Round-robin_DNS

Cheers

Sean