02-14-2008 12:28 PM - edited 03-11-2019 05:03 AM
Any ideas...
I've read the doc about dual ISP connections (outbound): http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
Taken from the above document: "As described in this document, this setup may not be suitable for inbound access to resources behind the security appliance. Advanced networking skills are required to achieve seamless inbound connections. These skills are not covered in this document."
So the question is: Where is the documentation for inbound connections?
..but for the meantime without the doc, I'm thinking this could be done with a second NAT statement, additional ACL and an additional IP address on the server in question.
Something like:
interface Ethernet0
nameif outside
security-level 0
ip address *1st ISP Public IP*
interface Ethernet1
nameif backup
security-level 0
ip address *2nd ISP Public IP*
global (outside) 1 interface
global (backup) 1 interface
route outside 0.0.0.0 0.0.0.0 *1st ISP Gateway* 1 track 1
route backup 0.0.0.0 0.0.0.0 *2nd ISP Gateway* 254
sla monitor 151
type echo protocol ipIcmpEcho *object to ping* interface outside
num-packets 3
frequency 10
sla monitor schedule 151 life forever start-time now
track 1 rtr 151 reachability
static (inside,outside) *1st ISP Public IP* 192.168.1.1 netmask 255.255.255.255
static (inside,outside) *2nd ISP Public IP* 192.168.1.2 netmask 255.255.255.255
access-list inbound line 1 extended permit tcp any host *1st ISP Public IP* eq *port*
access-list inbound line 2 extended permit tcp any host *2nd ISP Public IP* eq *port*
Any thoughts?
Thanks
--Mark
02-14-2008 12:33 PM
Looks like that should work...a few mistakes though...
static (inside,backup) *2nd ISP Public IP* 192.168.1.2 netmask 255.255.255.255
access-list inbound_backup extended permit tcp any host *2nd ISP Public IP* eq *port*
access-group inbound_backup in interface backup
02-14-2008 12:40 PM
Great! Thanks for the confirmation and pointing out my errors :o)
Will try this out at the weekend
Oh, and before anyone mentions access-groups:
access-group inbound in interface outside
access-group inbound_backup in interface backup
;o)
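The fixes discussed in this thread all come down to keeping each `static`, its ACL entry and its `access-group` on the same interface. The following is an added example, not code from any poster or from Cisco: a small consistency check for that, assuming the pre-8.3 syntax used above (ACLs match the mapped public address). The sample addresses, port 25 and the function name `lint` are constructed for illustration.

```python
import re

# Constructed sample: the thread's final config with its *placeholders* filled in.
# Addresses are documentation ranges and port 25 is arbitrary (assumptions).
CORRECTED = """\
static (inside,outside) 198.51.100.10 192.168.1.1 netmask 255.255.255.255
static (inside,backup) 203.0.113.10 192.168.1.2 netmask 255.255.255.255
access-list inbound line 1 extended permit tcp any host 198.51.100.10 eq 25
access-list inbound_backup extended permit tcp any host 203.0.113.10 eq 25
access-group inbound in interface outside
access-group inbound_backup in interface backup
"""
# Constructed sample: static moved to backup, ACL and access-group not yet updated.
HALF_FIXED = """\
static (inside,outside) 198.51.100.10 192.168.1.1 netmask 255.255.255.255
static (inside,backup) 203.0.113.10 192.168.1.2 netmask 255.255.255.255
access-list inbound line 1 extended permit tcp any host 198.51.100.10 eq 25
access-list inbound line 2 extended permit tcp any host 203.0.113.10 eq 25
access-group inbound in interface outside
"""

def lint(config):
    """Return findings where a static, its ACL entry and the ACL binding disagree."""
    statics = re.findall(r"^static \(\w+,(\w+)\) (\S+) (\S+)", config, re.M)
    aces = re.findall(r"^access-list (\S+) .*permit \w+ any host (\S+)", config, re.M)
    bound = {ifc: acl for acl, ifc in
             re.findall(r"^access-group (\S+) in interface (\S+)", config, re.M)}
    findings = []
    for ifc, mapped, _real in statics:
        acl = bound.get(ifc)
        if acl is None:  # nothing bound: inbound traffic on this interface is denied
            findings.append(f"{ifc}: static {mapped} has no access-group on this interface")
        elif (acl, mapped) not in aces:
            findings.append(f"{ifc}: ACL {acl} has no permit for static {mapped}")
    for ifc, acl in bound.items():
        hosts = {host for name, host in aces if name == acl}
        if not hosts:
            findings.append(f"{ifc}: access-group references empty or missing ACL {acl}")
        # A permit for an address with no static on this interface is a dead rule.
        for host in sorted(hosts - {m for i, m, _ in statics if i == ifc}):
            findings.append(f"{ifc}: ACL {acl} permits {host} but no static maps it here")
    return findings

if __name__ == "__main__":
    for name, cfg in (("corrected", CORRECTED), ("half-fixed", HALF_FIXED)):
        print(name, lint(cfg) or "consistent")
```

The check only compares interface names and mapped addresses; it does not know which ISP owns an address, so a public IP placed on the wrong interface still has to be caught by review.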
02-14-2008 12:41 PM
Good luck, be sure to let us know if it works out.
02-14-2008 12:42 PM
Will do!
02-14-2008 08:00 PM
Who rated that a 1 and why? Care to explain?
02-14-2008 09:44 PM
Anyone!!
Since I rated and ticked resolved my issue after acomiskey's 1st answer, I think it's unfair for someone to devalue my points!