Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2338
Views
0
Helpful
2
Replies

Conditional NAT and routing on ASA

bapatsubodh
Level 1
Level 1

‎06-20-2011 12:01 PM - edited ‎03-11-2019 01:47 PM

Hi,

On our ASA 5510 we already have one ISP link terminated on outside interface. There is correspoinding nat and global configured for outbound access to internet.

Now we need to terminate second ISP link on one of the DMZ interface to have redundancy for the primary ISP. 

When primary ISP link or router is down we need to send all the traffic to secondary ISP router.  How do we configure NAT and global for this condition that only when primary is down then only this NAT -Global should be used.  Do we have anything like object tracking associated with the NAT-global.

So that as long as Primary  RTR - object is up ASA will use the first NAT-Global pair. When primary ISP is down RTR-Object is not reachable then ASA will perform the second NAT-Global operation.

Also can we have default route pointing to Outside interface (primary ISP router) and in case of primary router failure it will point to secondary ISP. Do we have "track"  in the static route commands on ASA.

Please share the experience.

Thanks in advance!

Subodh

1 person had this problem
Labels:
0 Helpful
2 Replies 2

bapatsubodh
Level 1
Level 1

‎06-20-2011 12:26 PM

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

This is similar to our requirement. But still not clear how NAT -Global will work if primary ISP WAN link is down. Outside interface will still be up and ASA will use the first pair to source NAT the packets. How and when ASA will start using second ISP for NATing?  Track will be used to put the correct route in routing table but not clear about NAT-Global.

Thanks in advance.

Thanks

Subodh

0 Helpful

Kureli Sankar
Cisco Employee
Cisco Employee
In response to bapatsubodh

‎06-20-2011 04:28 PM

When the primary route is removed from the routing table and the backup high metric route is added in the routing table all subsequent internet conns will take the new backup path as the egress interface and will be forced to take the global for that backup path.

You can review a few options that I have listed here:

https://supportforums.cisco.com/docs/DOC-13015

-KS

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card