NAT- Diferent Range from Outside

crusier2015 · ‎11-14-2016

Hi,

I have to configure static nats with diferrent range of ISP2, they forward another range over this link. For example, they foward range 5.5.5.0/32 to we use from their address : 4.4.4.0/24.

I configured the follow configs but donw works:

interface GigabitEthernet1/5
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0

interface GigabitEthernet1/6
nameif isp1
security-level 100
ip address 3.3.3.2 255.255.255.0

interface GigabitEthernet1/7
nameif isp2
security-level 100
ip address 4.4.4.2 255.255.255.0

route isp 0.0.0.0 0.0.0.0 3.3.3.1 10 track 100
route i isp2.0.0.0 0.0.0.0 4.4.4.1 20

object network server
nat (inside,isp2) static 5.5.5.2

host 192.168.10.10

show xlate | inc 5.5.5.2
NAT from inside:192.168.10.10 to isp2:5.5.5.2

Could you help me?

Tks

Kornelia Gutierrez · ‎11-14-2016

Hello,

I hope you are doing fine, could you let me know which ASA software version are you running, please also send a show route, you might probaby need to build route maps and configure pbr in order to achieve what you are attending to do. Remember that the ASA installs one default route at a time on its routing table, the second default route meant for isp2 acts as a floating route that stands by waiting for your primary ISP link to fail, as I see you have probably configured ip sla.

Best regards,

crusier2015 · ‎11-15-2016

Hi,

Sorry, i forgot some importants infos.

I migrate two Asas 5510 (running version 8.3(2))in failover mode, to two Asas 5516 (running version 9.6.1 )in failover too.

On the old ASAs the Nats was working perfectly .

Follow the outpus:

show route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 3.3.3.1 to network 0.0.0.0

S* 0.0.0.0 0.0.0.0 [10/0] via 3.3.3.1, isp
C 1.1.1.0 255.255.255.0 is directly connected, failover
L 1.1.1.1 255.255.255.255 is directly connected, failover
C 4.4.4.0 255.255.255.0 is directly connected, isp2
L 4.4.4.1 255.255.255.255 is directly connected, isp2
C 3.3.3.0 255.255.255.0 is directly connected, isp
L 3.3.3.2 255.255.255.255 is directly connected, isp

!
track 100 rtr 100 reachability

sla monitor 100
type echo protocol ipIcmpEcho 3.3.3.100 interface isp
num-packets 3
frequency 10
sla monitor schedule 100 life forever start-time now

failover
failover lan unit primary
failover lan interface failover GigabitEthernet1/1
failover link failover GigabitEthernet1/1
failover interface ip failover 1.1.1.1 255.255.255.0 standby 1.1.1.2

interface GigabitEthernet1/1
description LAN/STATE Failover Interface

crusier2015 · ‎11-16-2016

Hi,

Does anyone have any ideas that can help me?

tks