01-15-2020 10:44 AM
Hi,
I need help and pointers on how to accomplish the following:
I have an ASA5525 and I need to add additional internet interfaces. I will use ASDM to complete this task.
I have an unused interface on the ASA that I will enable for this purpose - GE0/6
I would like to add a static IP from my/any ISP to my ASA 5525 GE0/6 interface.
I have 2 public IPs available for use from the ISP and I want to add a weighting so that internet access fails over to my ISP on GE0/6, so I can have connectivity thru this connection if needed.
I would like to add NATs for two of my servers using static IPs on the ISP range.
I appreciate any pointers and suggestions you may have.
Thank you
01-15-2020 10:54 AM
Hi,
You should use IP SLA on the ASA, so if the primary link fails, traffic will fail over to the secondary link.
This scenario including IP SLA and NAT is covered in this post here.
Post your sanitised configuration details if you need further assistance.
HTH
01-15-2020 12:02 PM - edited 01-15-2020 12:04 PM
I am not an ASDM expert. If you follow the command line, here is the configuration.
!
interface Gig0/1
 nameif OUTSIDE
 security-level 0
 ip address 20.20.20.20 255.255.255.0
!
interface Gig0/6
 nameif BACKUP
 security-level 0
 ip address 10.10.10.10 255.255.255.0
 no shut
!
! An object holds only one NAT rule, so use one object per egress interface
! (the -backup object names are illustrative)
object network server1
 host 172.16.1.10
 nat (Inside,OUTSIDE) static PublicIPaddress
object network server1-backup
 host 172.16.1.10
 nat (Inside,BACKUP) static PublicIPaddress
!
object network server2
 host 172.16.1.20
 nat (Inside,OUTSIDE) static PublicIPaddress
object network server2-backup
 host 172.16.1.20
 nat (Inside,BACKUP) static PublicIPaddress
!
! The SLA ID must be the same in the monitor, the schedule and the track
sla monitor 10
 type echo protocol ipIcmpEcho 8.8.8.8 interface OUTSIDE
 threshold 1
 frequency 5
!
sla monitor schedule 10 life forever start-time now
!
track 100 rtr 10 reachability
route OUTSIDE 0 0 20.20.20.90 1 track 100
route BACKUP 0 0 10.10.10.90 100
!
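The failover above only works when the `sla monitor` ID, its `schedule`, the `track ... rtr` reference and the `track` on the primary route all agree, and when every `route` names a configured `nameif`. The following Python lint for those cross-references is an added example, not part of the original thread or any Cisco tooling; the function name and the constructed sample config (modelled on this thread's addresses) are assumptions.

```python
def lint_sla_failover(config):
    """Return broken cross-references found in ASA IP SLA failover config text."""
    nameifs, monitors, scheduled = set(), set(), set()
    tracks = {}   # track id -> sla monitor id it watches
    routes = []   # (interface name, track id or None)
    for raw in config.splitlines():
        t = raw.split()
        if t[:1] == ["nameif"] and len(t) == 2:
            nameifs.add(t[1].lower())          # nameif is not case-sensitive
        elif t[:3] == ["sla", "monitor", "schedule"] and len(t) > 3:
            scheduled.add(t[3])
        elif t[:2] == ["sla", "monitor"] and len(t) == 3:
            monitors.add(t[2])
        elif t[:1] == ["track"] and len(t) >= 4 and t[2] == "rtr":
            tracks[t[1]] = t[3]
        elif t[:1] == ["route"] and len(t) >= 5:
            track = t[t.index("track") + 1] if "track" in t[:-1] else None
            routes.append((t[1], track))
    out = [f"sla monitor {s} is never scheduled" for s in sorted(monitors - scheduled)]
    out += [f"schedule references undefined sla monitor {s}"
            for s in sorted(scheduled - monitors)]
    out += [f"track {tid} references undefined sla monitor {s}"
            for tid, s in sorted(tracks.items()) if s not in monitors]
    for iface, tid in routes:
        if iface.lower() not in nameifs:
            out.append(f"route uses undefined interface {iface}")
        if tid is not None and tid not in tracks:
            out.append(f"route on {iface} references undefined track {tid}")
    return out

# Constructed sample: mismatched SLA IDs and a misspelled interface name.
BROKEN = """\
interface GigabitEthernet0/1
 nameif OUTSIDE
interface GigabitEthernet0/6
 nameif BACKUP
sla monitor 10
 type echo protocol ipIcmpEcho 8.8.8.8 interface OUTSIDE
sla monitor schedule 1 life forever start-time now
track 100 rtr 1 reachability
route OUTIDE 0 0 20.20.20.90 1 track 100
route BACKUP 0 0 10.10.10.90 100
"""
FIXED = (BROKEN.replace("schedule 1 ", "schedule 10 ")
               .replace("rtr 1 ", "rtr 10 ").replace("OUTIDE", "OUTSIDE"))

if __name__ == "__main__":
    print("\n".join(lint_sla_failover(BROKEN)))
```

An empty result means the references are consistent; it does not prove the probe target is reachable or that the track is up, which `show track` and `show route` on the device confirm.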
01-25-2020 10:17 AM
Thank you to RJI and Sheraz Salim for your respective prompt responses; unlike myself taking a whole week to respond. My apologies.
Your suggestions were clear and effective. It worked!
Thank you!