11-15-2011 12:14 AM - edited 03-11-2019 02:50 PM
Hi Experts,
I have a strange requirement. Actually, I am not sure whether it is strange or not. I have an ASA5510 with 8.4 sw version.
Currently one ISP is connected to it. It is working fine.
We have some servers that are directly connected to the internet using another ISP connection. These servers have public IP addresses configured in their LAN settings. I need to move these servers into the DMZ zone.
When I connect them to the ASA's DMZ zone, the servers will get internet through the first ISP that is already configured on the ASA. But I need to NAT the DMZ servers with the IP address provided by the other ISP, which is not even configured on the ASA.
So what should I do? In short, my requirements are:
1) I need to NAT the servers with the IP address provided by another ISP.
2) Also note that the default route is configured for the first ISP only on the ASA.
So do I need to configure another default route?
Do I need to make it with a larger AD? If I do so, it will act as the secondary route only.
I need to make the ASA up and running for two ISPs: servers in the LAN should be able to NAT with the IPs of the first ISP, and the servers in the DMZ zone should be able to NAT with the public IP of the new ISP.
Is this possible? Please advise.
Thanks
Vipin
11-15-2011 02:23 AM
Hi,
I think it should work, since you are using public addresses, as long as there is a one-to-one NAT mapping for the server.
The only issue is that there will be asymmetric routing.
Traffic from the server to the public will use ISP 1, but traffic going inside from outside will use ISP 2.
HTH,
Vikram
11-15-2011 05:31 AM
How about connecting both ISPs to a router and then put the ASA behind that? Then you could do policy-based routing on the router to decide which ISP link the traffic should use.