Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
456
Views
0
Helpful
1
Replies

Cisco ASA : Two inside interfaces and NAT/Port forwards.

Andrew Battersby
Level 1
Level 1

‎06-07-2014 11:13 AM - edited ‎03-11-2019 09:18 PM

Due to having two routers on the inside of an ASA running HSRP for fail over purposes I have two inside interfaces. For example:

ASA

Int GE0/0 : 8.8.8.8 (outside)
Int GE0/1 : 10.0.0.1/30 (inside1)
Int GE0/2 : 10.0.1.1/30 (inside2)

Cisco Router Primary
Int GE0/0 : 10.0.0.2/30
Int GE0/1 : 192.168.1.254/24 (standby IP)
Int GE0/2 : 192.168.5.254/24 (standby IP)

Cisco Router backup
Int GE0/0 : 10.0.1.2/30
Int GE0/1 : 192.168.1.254/24 (standby IP)
Int GE0/2 : 192.168.5.254/24 (standby IP)

Due to the the way the failover works traffic could come into the ASA via either the "inside" or "inside2" interface.

When setting NAT and port forwards you have to specify the inside and outside interface for it to work. I don't want to have to remove and re-apply all the port forwards if the primary router fails and traffic starts to come into the ASA on the inside2 interface.

Is there an easier way to do this?

Thanks

Labels:
0 Helpful
1 Reply 1

Marius Gunnerud
VIP
VIP

‎06-07-2014 01:29 PM

You don't need to remove the NAT commands for the inside interface when it has failed.  Why not just have two sets of NAT commands that are exactly the same, except one set references inside1 and the other references inside2?

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card