Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1681
Views
5
Helpful
2
Replies

Dual ISP with static NAT for each ISP

tato386
Level 6
Level 6

‎02-28-2014 04:08 PM - edited ‎03-11-2019 08:52 PM

We recently went from single ISP on our ASA to dual ISPs with failover using object tracking.  Dynamic NAT is working great with both ISP.  Using this:

nat (inf_inside,inf_ISP1) after-auto source dynamic PAT_Networks interface

nat (inf_inside,inf_ISP2) after-auto source dynamic PAT_Networks interface

However static NAT is proving more challenging.

BEFORE:

object network host1
    nat (inf_inside,inf_ISP1) static publicIP1_ISP1

AFTER:
nat (inf_inside,inf_ISP1) source static host1 publicIP1_ISP1
nat (inf_inside,inf_ISP2) source static host1 publicIP2_ISP2

With object NAT it works great no matter which ISP I use.  However, to my  knowlege I can't use two different NATs using object NAT therefore I setup the two individual NAT statements shown in AFTER section. I also have identical ACLs on both ISP interfaces to allow needed traffic.

The host here happens to be a DVR.  When using the individual NAT statements the web management page only partly loads or does not load at all.  Video clients cannot connect at all.  Basically you can see the DVR is kinda there and responding but not working as it should.

Is there something I am missing or should be doing differently?

Thanks,

Diego 

Labels:
0 Helpful
2 Replies 2

Jouni Forss
VIP Alumni
VIP Alumni

‎03-02-2014 08:50 AM

Hi,

To my understanding Static NAT for one internal host towards 2 different ISPs should work just fine as long as the connections are only formed from the ISP links towards the internal network. In this case the ASA should be able to use the existing connection and translation formed through the ISP in question to forward the return traffic correctly.

However if there is anything that requires the internal host to initiate connection towards the external networks then it will naturally only use the ISP which holds the default route at that point.

With regards to your NAT configuration. They seem to be basic Static NAT configurations with Manual NAT.

You can configure this with Auto NAT / Network Object NAT also but you just need to configure 2 different NAT as you can hold multiple "nat" statements under one "object"

So you could have

object network HOST-ISP-1

host

nat (inside,isp1) static

object network HOST-ISP-2

host

nat (inside,isp2) static

Maybe you could try the above configurations.

If the connections still dont work I would monitor the logs for any blocked connections or other problems.

- Jouni

tato386
Level 6
Level 6
In response to Jouni Forss

‎03-04-2014 05:25 PM

I should have thought about using two objects!

Thanks Jouni.  I will try later on this week and let you know.

Rgds,

Diego

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card