Hi Jon,
After reading your response again after writing my reply, I feel you understand my issue but wanted to send this any way hoping I could get some actual ASA syntax!!! :)
Internet sources will reach my Internal web server (172.16.5.45, or dns name Donsee) by setting their browser to http://1.0.0.1. (or www.donsee.org). The source Internet traffic is routed to 1 of 2 of my ASA firewalls.
[My ASA firewalls do not share state, don't know about each other and are separated by several hundred miles.]
ASA1 Outside Public IP address = 1.0.0.1
ASA2 Outside Public IP address = 2.0.0.2
ASA1 receiving the initial packet will NAT the destination of 1.0.0.1 to 172.16.5.45 and forward the packet to the next hop. Once the packet is received by Donsee, Donsee will reply with the web page contents and forward to its configured default gateway. --- Now this is where it get fuzzy. Donsss's default gateway router R1 does not have a Gateway of Last resort (0.0.0.0/0). R1 not having a gateway of last resort drops the packet.
R1 does not have a Gateway of Last resort because both of my ASAs (ASA1 and ASA2) route traffic to R1. If R1 had a Gateway of Last Resort (0.0.0.0/0), returning traffic to an incorrect ASA will fail because the firewalls do not share state. This is our known issue and cannot be fixed in the short term.
If the ASAs (ASA1 and ASA2) could NAT both the Destination to 172.16.5.45 AND the SOURCE of packets with their "Outside" interface address, Providing R1 with the 2 IP host addresses of 1.0.0.1/32 and 2.0.0.2/32 pointing to the correct forwarding path, this will solve the problem.
I am struggling with the mechanics of ASA NAT to make this happen.
Thanks again for your assistance.
Frank
