ASA NAT Question?

ciscoKart · ‎06-06-2013

Hi All,

Hope you can help with this one. I need a solution the following problem either additional hardware required or could it be done with current hardware?

Problem:

I need a way for multiple video conferencing endpoints to register to one public (outside address) of our firewall that is NAT'd to two private addresses (inside).

We have a Polycom DMA7000 super cluster, so two DMA 7000 acting has a pair with two different IP addresses. The DMA has a built in DNS, so handles the failover by changing the DNS A record replacing the IP address with the active unit, so that works for failover on the LAN by endpoints register using the DNS name.

So the problem is external endpoints need to register to just one outside address, but NAT needs to be the active unit. So can this one outside to two inside NAT be done on Cisco ASA 5520 or do I need to use a load balancer on the inside?

Any suggestions or solutions welcome.

Julio Carvajal · ‎06-06-2013

This would be a dedicated one to one mapping right?

No port-forwarding but static one to one right?

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

brianwilliams99 · ‎06-06-2013

Normally devices will have a VIP that they share between the 2 devices. See if they have a VIP and point your NAT to you VIP between the 2 devices.

ALIAOF_ · ‎06-06-2013

Check out this thread I did something like that:

https://supportforums.cisco.com/message/3933212#3933212