Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1006
Views
0
Helpful
2
Replies

ASA static map, outbound flows through global address

mkipness1
Level 1
Level 1

‎11-30-2011 11:46 PM - edited ‎03-11-2019 02:57 PM

I have an ASA 5510 running version 7.0. I have a problem with an exchange server using a static map and its outbounc connectivity. It connects outbound through the global address even though inbound connectivity works fine through the static mapping. The recent changes are changing of the zero route through a different interface (there are to circuit connected to this ASA on different interfaces). So the idea was to get all workstations in the office using the global address and routing out through one circuit, and the servers connecting in/out through the other circuit. Shouldn't a static mapping ignore what the zero route is?

Here are what I believe to be the relevant configs. If someone can tell me what I've got wrong, I would surely appreciate it.

interface Ethernet0/0

description New 6mb circuit

speed 100

nameif outside

security-level 0

ip address circuit-6mb 255.255.255.248

!

interface Ethernet0/1

description LAN interface

nameif inside

security-level 100

ip address 192.168.0.1 255.255.255.0

!

interface Ethernet0/2

description 3mb circuit

nameif mpls

security-level 0

ip address circuit-3mb 255.255.255.224

global (outside) 1 interface

global (mpls) 2 interface

nat (inside) 0 access-list no-nat

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,mpls) exchange2-outside exchange2-inside netmask 255.255.255.255

route outside 0.0.0.0 0.0.0.0 xxx.122.47.217 5

route mpls 0.0.0.0 0.0.0.0 xxx.207.51.225 6

So exchang2 server can be connected to from the outside properly via IP xxx.207.51.231/exchange2-outside, but all outbound connections from this server are going out via IP xxx.122.47.218/circuit-6mb as do all the workstations due to the global address statement.

Thanks in advance,

Max Kipness

Labels:
0 Helpful
2 Replies 2

varrao
Level 10
Level 10

‎12-01-2011 02:43 AM

Hi Max,

what you are seeing is an expected behavior on the ASA, since ASA can only have one default route on it. The first one would always be hit first on the firewall. This particulart setup might not be possible on the ASA, since on ASA we cannot do source based routing, so everytine the request from server comes in, it would be sent out of the first route that you have.

Hope that helps,

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

mkipness1
Level 1
Level 1
In response to varrao

‎12-01-2011 06:49 AM

Varun,

Thanks for the response.

So you are  saying that static mapping doesn't link the internal server inbound and  outbound to a specific IP? I thought that was the purpose in a static.  This would mean that having the extra circuit on the ASA is almost a  waste except for inbound. Do you have any other suggestions?

Thanks,

Max

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card