08-07-2018 12:05 PM - edited 02-21-2020 08:04 AM
I have a ASA 5505 and ASA 5508x. In reference to the attached diagram. I am looking to fail-over a Public IP B to ASA 5508x through ASA5505. The only reason for this configuration is the ASA5505 is with ISP A and with out paying a huge amount we can an additional IP address for a fraction of the cost. The ASA5508x is with ISP C.
How do I program the ASA5505 to forward all traffic that comes from Public IP B to ASA5508x?
08-07-2018 12:25 PM
The logic is like this:
nat (outside,asaic) source dynamic any4 obj-hideaddr destination static PUB-B PRIV-B unidirectional
Source Internet addresses must be hide-NATed otherwise return traffic would exit on PUB-C interface.
Destination address translation follows the usual static translation method.
asaic is the ASA interconnect link. Never use the 'failover' term for something that is not failover.
08-07-2018 01:01 PM
@Peter Koltl wrote:
The logic is like this:
nat (outside,asaic) source dynamic any4 obj-hideaddr destination static PUB-B PRIV-B unidirectional
Hey Peter thanks for the information! Got it interconnect not fail-over.
To clarify, in your logic example.
asaic = ASA5508x
obj-hideaddr = ? (what is this object suppose to be)
PUB-B = (is an object with the Public IP) x.x.x.C
PRIV-B = (is an object network for Private Net B) ie. 192.168.1.0
Regards,
Pierre
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide