Solved: Re: I have an ASA5525 and I need to add additional internet interfaces - static NAT and using ASDM

alainmlb · ‎01-15-2020

Hi,

I need help and pointers on how to accomplish the following:

I have an ASA5525 and I need to add additional internet interfaces. I will use ASDM to complete this task.

I have an unused interface on the ASA that I will enable for this purpose - GE0/6

I would like to add a static IP from my/any ISP to my ASA 5525 GE0/6 interface.

I have 2 public IPs available for use from the ISP and I want to add a weighting so that internet access fails over to my ISP on GE0/6, so I can have connectivity thru this connection if needed.

I would like to add NATs for two of my servers using static IPs on the ISP range.

I appreciate any pointers and suggestions you may have.

Thank you

Rob Ingram · ‎01-15-2020

Hi,

You should use IP SLA on the ASA, so if the primary link fails traffic will failover to the secondary link.

This scenario including IP SLA and NAT is covered in this post here.

Post your configuration sanitised details if you need further assistance.

HTH

View solution in original post

Sheraz.Salim · ‎01-15-2020

I am not ASDM expert. if you follow the command line here is the configuration.

!

interface Gig0/1
nameif OUTSIDE
security-level 0
ip address 20.20.20.20 255.255.255.0
!
interface Gig0/6
nameif BACKUP
security-level 0
ip address 10.10.10.10 255.255.255.0
no shut
!
!
object network server1
host 172.16.1.10
nat (Inside,OUTSIDE) source static PublicIPaddress
nat (Inside,BACKUP) source static PublicIPaddress
!
object network server2
host 172.16.1.20
nat (Inside,OUTSIDE) source static PublicIPaddress
nat (Inside,BACKUP) source static PublicIPaddress
!
sla monitor 10
type echo protocol ipIcmpEcho 8.8.8.8 interface OUTSIDE
threshold 1
frequency 5
!
sla monitor schedule 1 life forever start-time now
!
track 100 rtr 1 reachability
route OUTIDE 0 0 0.20.20.90 1 track 100
route BACKUP 0 0 10.10.10.90 100
!

please do not forget to rate.

View solution in original post

Rob Ingram · ‎01-15-2020

Hi,

You should use IP SLA on the ASA, so if the primary link fails traffic will failover to the secondary link.

This scenario including IP SLA and NAT is covered in this post here.

Post your configuration sanitised details if you need further assistance.

HTH

Sheraz.Salim · ‎01-15-2020

I am not ASDM expert. if you follow the command line here is the configuration.

!

interface Gig0/1
nameif OUTSIDE
security-level 0
ip address 20.20.20.20 255.255.255.0
!
interface Gig0/6
nameif BACKUP
security-level 0
ip address 10.10.10.10 255.255.255.0
no shut
!
!
object network server1
host 172.16.1.10
nat (Inside,OUTSIDE) source static PublicIPaddress
nat (Inside,BACKUP) source static PublicIPaddress
!
object network server2
host 172.16.1.20
nat (Inside,OUTSIDE) source static PublicIPaddress
nat (Inside,BACKUP) source static PublicIPaddress
!
sla monitor 10
type echo protocol ipIcmpEcho 8.8.8.8 interface OUTSIDE
threshold 1
frequency 5
!
sla monitor schedule 1 life forever start-time now
!
track 100 rtr 1 reachability
route OUTIDE 0 0 0.20.20.90 1 track 100
route BACKUP 0 0 10.10.10.90 100
!

please do not forget to rate.

alainmlb · ‎01-25-2020

Thank you to RJI and Sheraz Salim for your respective promt responses; unlike myself taking a whole week to respond. My apologies.

Your suggestions were clear and effective. It worked!

Thank you!