Solved: Dual ISP Natting

dheerajtikoo159 · ‎12-17-2012

Hi ,

I have a scenario in which I have some Public servers Inside my LAN. These Public servers are Statically Translated on firewall with the IP assigned from ISP-1 (Reliance).

WEb server 192.168.1.1 translated to 191.1.1.1

Mail SERVER 192.168.1.2 translated to 191.1.1.2)

Now The Client took the another link from ISP-2 (Tata).

Now my querry is how can i do the translations on asa so that if ISP-1 link goes down, these servers are still reachable from ISP-2 link.

Kindly Suggest the solution ....

rgds,

dheeraj

julomban · ‎12-17-2012

Hello Dheeraj,

I guess yuo are using Dual ISP on the ASA so in case the primary link fails the secondary will take all traffic. If thats the case you just need to create duplicate NAT and ACL entries on the ASA using the second ISP public IP range.

Example:

static (inside,outside) 192.1.1.1 192.168.1.1

static (inside,backup) 192.1.1.1 20.20.20.20

Regards,

Juan Lombana

Please rate helpful posts.

View solution in original post

julomban · ‎12-17-2012

Hello Dheeraj,

I guess yuo are using Dual ISP on the ASA so in case the primary link fails the secondary will take all traffic. If thats the case you just need to create duplicate NAT and ACL entries on the ASA using the second ISP public IP range.

Example:

static (inside,outside) 192.1.1.1 192.168.1.1

static (inside,backup) 192.1.1.1 20.20.20.20

Regards,

Juan Lombana

Please rate helpful posts.

dheerajtikoo159 · ‎12-18-2012

Hi Juon,

thanks for the reply. Also now client wants that some of his users should access the internet through ISP-2 for browsing only, while rest of default traffic should go through primary ISP-1.

julomban · ‎12-18-2012

Dheeraj,

The ASA routes traffic based on destination IP and not by source or service. This is policy based routing which is not supported by the ASA appliance. You can only route traffic through only 1 active default gateway.

Regards,

Juan Lombana

Please rate helpful posts.