Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

227
Views
0
Helpful
3
Replies
Highlighted
Garrison Botts
Enthusiast
Enthusiast
‎02-06-2014 09:54 AM
‎02-06-2014 09:54 AM

NATTing Question version 9.x

Hello,

I have two external ISP interfaces and need help with some nat questions.

I have a webserver that I wish to advertise out both interfaces.

The issue I'm having is exactly how to do it on the ASA with version 9.x code

ISP 1:  9.9.9.0

ISP 2: 8.8.8.0

object network webserver

host 7.7.7.7

nat (dmz,isp1) static 9.9.9.9

nat (dmz,isp2) static 8.8.8.8

I can't seem to get this working. I'm new to this code but the old code was so much easier with this....

Labels:
0 Helpful
Reply
3 REPLIES 3
Highlighted
Jouni Forss
Mentor
Mentor
‎02-06-2014 10:01 AM
‎02-06-2014 10:01 AM

Hi,

You wont be able to configure the Static NAT towards both ISP with a single NAT configuration. More specifically, you wont be able to configure 2 NAT statements under the same "object network"

You should configure it like this

object network WEBSERVER-ISP1

host 7.7.7.7

nat (dmz,isp1) static 9.9.9.9

object network WEBSERVER-ISP2

host 7.7.7.7

nat (dmz,isp2) static 8.8.8.8

If you want to read a bit about the new NAT format that was introduced from 8.3 onwards then you could have a look at a document I wrote here on the CSC

https://supportforums.cisco.com/docs/DOC-31116

Here is also another great document for someone that knows the old format but wants to know the corresponding new format

https://supportforums.cisco.com/docs/DOC-9129

I agree that the old NAT configuration format in some situations was a lot simpler and you potentially created a lot simpler configuration. In larger environments and more special setups I do think that the new NAT configuration format is far more simpler/safer to configure and provides more flexibility. There are some issues with it that I still dont have clear answer to but for the most part it seems to work just fine.

Hope this helps

- Jouni

0 Helpful
Reply
Highlighted
Garrison Botts
Enthusiast
Enthusiast
In response to Jouni Forss
‎02-06-2014 11:00 AM
‎02-06-2014 11:00 AM

Thanks!

0 Helpful
Reply
Highlighted
Jouni Forss
Mentor
Mentor
In response to Garrison Botts
‎02-06-2014 11:06 AM
‎02-06-2014 11:06 AM

Hi,

Let us know if it worked for you.

Do remember to mark a reply as the correct answer if it answered your question.

- Jouni

0 Helpful
Reply
Latest Contents
SecureX Frequently Asked Questions
Created by adisanka on 03-01-2021 08:33 AM
0
10
0
10
GeneralWhich Cisco Secure products include access to SecureX?What are the SecureX data retention/privacy policies?What is SSE?How can I unlink my smart account from SSE and link it to a new account?Do I have to use the same SSE region as the SecureX regio... view more
Bridge the security gap with Cisco Remote Secure Worker
Created by Kelli Glass on 02-26-2021 04:37 PM
0
0
0
0
More people are working remotely, and this increases the risk of security breaches and the difficulty in defending remote workers where they work and securing the devices they use. Learn about Cisco Remote Secure Worker solutions that verify workers, secu... view more
ISE Performance & Scale
Created by howon on 02-24-2021 08:26 PM
11
219
11
219
  GeneralWhich Cisco Secure products include access to SecureX?What are the SecureX data retention/privacy policies?What is SSE?How can I unlink my smart account from SSE and link it to a new account?Do I have to use the same SSE region as the Secur... view more
Detecting and Responding to the SolarWinds Infrastructure At...
Created by aligarci on 02-23-2021 08:19 AM
0
5
0
5
On December 8, FireEye reported that it had been compromised in a sophisticated supply chain attack: more specifically through the SolarWinds Orion IT monitoring and management software. The attackers leveraged business software updates in order to distr... view more
Arista CloudVision WiFi Dictionary and NAD Profile for ISE I...
Created by hslai on 02-21-2021 01:59 PM
0
10
0
10
Attached are the dictionary and NAD profile as described in Arista CloudVision WiFi Integration with Cisco ISE .
Content for Community-Ad