Natting - Page 2

Amardeep Kumar · ‎07-29-2010

HI

I want to configure two natting statment with my sinlge local IP for my mail Server. Is it possible to create another router with same local ip for another extenal IP. I am using ASA 5505.

Right now I have

static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.49 netmask 255.255.255.255

static (inside,outside) yyy.yyy.yyy.yyy 192.168.12.49 netmask 255.255.255.255 ( I want to do like this)

Thanks

Amardeep Rana

Nagaraja Thanthry · ‎07-30-2010

Hello,

Did you have another interface (Vlan 22) named ISP2? Did you by any chance

used "backup-interface" configuration on the firewall? Can you please post

the configuration with the second ISP interface here?

Regards,

NT

Amardeep Kumar · ‎07-30-2010

Hi ,

I have used this config but As I got issue I rebooted my ASA .

ASA5505(config)# interface ethernet 0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shutdown

ASA5505(config)# interface ethernet 0/1
ASA5505(config-if)# switchport access vlan 1
ASA5505(config-if)# no shutdown

ASA5505(config)# interface ethernet 0/2
ASA5505(config-if)# switchport access vlan 3
ASA5505(config-if)# no shutdown

ASA5505(config)# interface vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0
ASA5505(config-if)# no shutdown

ASA5505(config)# interface vlan 2
ASA5505(config-if)# nameif primary-isp
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address Primary ISP Exteral IP 255.255.255.0
ASA5505(config-if)# backup interface vlan 3
ASA5505(config-if)# no shutdown

ASA5505(config)# interface vlan 3
ASA5505(config-if)# nameif backup-isp
ASA5505(config-if)# security-level 1
ASA5505(config-if)# ip address Backup Isp 2 255.255.255.0
ASA5505(config-if)# no shutdown

ASA5505(config)# route primary-isp 0.0.0.0 0.0.0.0 Primary ISP Exteral IP 1
ASA5505(config)# route backup-isp 0.0.0.0 0.0.0.0 Backup (Isp )

Check also

nat (inside) 1 192.168.1.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0

route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1 track 1

route backup-isp 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 2

global (backupisp) 1 interface

access-group 10 in interface backupisp

Finally I put this command

static (inside,backup-isp) yyy.yyy.yyy.yyy 192.168.12.49 netmask 255.255.255.255

Thanks

Amardeep K

Nagaraja Thanthry · ‎07-30-2010

Hello,

I see that there are no NAT rules for the primary interface in your

configuration. Let's try the following:

ASA5505(config)# interface ethernet 0/0

ASA5505(config-if)# switchport access vlan 2

ASA5505(config-if)# no shutdown

ASA5505(config)# interface ethernet 0/1

ASA5505(config-if)# switchport access vlan 1

ASA5505(config-if)# no shutdown

ASA5505(config)# interface ethernet 0/2

ASA5505(config-if)# switchport access vlan 3

ASA5505(config-if)# no shutdown

ASA5505(config)# interface vlan 1

ASA5505(config-if)# nameif inside

ASA5505(config-if)# security-level 100

ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0

ASA5505(config-if)# no shutdown

ASA5505(config)# interface vlan 2

ASA5505(config-if)# nameif primary-isp

ASA5505(config-if)# security-level 0

ASA5505(config-if)# ip address Primary ISP Exteral IP 255.255.255.0

ASA5505(config-if)# no backup interface vlan 3

Amardeep Kumar · ‎07-30-2010

Hi NJ,

I will try your Configration in off hours. But please explain it. last command. When there is not Vlan 3 in my config.

ASA5505(config)# interface vlan 2

ASA5505(config-if)# nameif primary-isp

ASA5505(config-if)# security-level 0

ASA5505(config-if)# ip address Primary ISP Exteral IP 255.255.255.0

ASA5505(config-if)# no backup interface vlan 3

Here I want to know that what will be the reason I had to change all the static routes. and new records are running ,

Suppose I had below static before.

static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.56 netmask 255.255.255.2 ( This was running before , I setup for Daul ISP)
static (inside,outside) xxx.xxx.xxx.xxx 192.168.12.77 netmask 255.255.255.2 (( This was running before , I setup for Daul ISP)

But I did not saving anthing on ASA and reboot it. After reboot both of uper static did not run. I tried xlate. But.....

Then I have to create new static and then I was able to access with new IP.

static (inside,outside) yyy.yyy.yyy.yyy 192.168.12.56 netmask 255.255.255.2
static (inside,outside) yyy.yyy.yyy.yyy 192.168.12.77 netmask 255.255.255.2

Please help

Thanks

Amardeep Rana

Nagaraja Thanthry · ‎07-30-2010

Hello,

The issue could be that the ISP router had wrong ARP entry for those IP

addresses. You might want to reboot your ISP router (or talk to them and

have them flush their ARP cache).

Hope this helps.

Regards,

NT

Amardeep Kumar · ‎08-05-2010

HI NT,

I have a Router 1841 that is given by ISP to terminate the link and they handle this router their self. I have rebooted that router. but after that I am again not able to access old IP series. I mean when I create a nat route from local to Live ip. this does not work. Please help ..

Thanks

Amardeep Rana