Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
990
Views
0
Helpful
6
Replies

one inside source address statci nat to two outside interface address.

fly
Level 2
Level 2

‎07-14-2011 08:10 PM - edited ‎03-11-2019 01:59 PM

HI,

     i have a problem

    customer has a server which located in inside interace.    and an outside interface connected to ISPA.    cu config a static nat map inside server address to ISPA address

    one day customer install a new outside interface to ISPB, cu config new static nat ,map same server inside server address to ISPB address.

 

    the server will allways be vistited from outside interface and reply, custome want traffic coming from ISPA will return to ISPA, traffic coming from ISPB will return to ISPB.

   but i found it is difficult implement this on ASA5580.

    i want use route-map on static nat, but it will not satisfy customer's request.

   

  is there any new method .

  thank you

tom

Labels:
0 Helpful
6 Replies 6

varrao
Level 10
Level 10

‎07-14-2011 08:21 PM

Hi Fly,

I am not sure whether this is possible but still just to give it a try , can you tell me the following things:

will the same server be able to access from both ISPA and ISPB?

the server would be needed to be natted to 2 public IP's?

from which interface do you want to access the internet for internal users?

what software version are you using for ASA?

Kindly let me know the answers for thses questions.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

varrao
Level 10
Level 10
In response to varrao

‎07-14-2011 08:23 PM

If the customer is trying to setup a dual isp on asa, here is a doc for it:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

here is another one:

https://supportforums.cisco.com/docs/DOC-13015

-Varun

Thanks,
Varun Rao
0 Helpful

fly
Level 2
Level 2
In response to varrao

‎07-14-2011 08:31 PM

Hi Varun

     Thank you!

will the same server be able to access from both ISPA and ISPB?

//yes, same server be able to access from both ISPA and ISPB,  access traffic is coming from internet.

the server would be needed to be natted to 2 public IP's?

//yes static nat,   the server will be visited from internet only.  will never orginate traffic by itself

from which interface do you want to access the internet for internal users?

//custome want access traffic coming from ISPA will return to internet by ISBA interface,

access traffic coming from ISPB will return to internet by ISBB interface.

what software version are you using for ASA?

//i m not sure the version of software.

thank you!

Tom

0 Helpful

varrao
Level 10
Level 10
In response to fly

‎07-14-2011 11:52 PM

Hi Tom,

Kindly follow this thread, and let me know if your requirement matches:

https://supportforums.cisco.com/thread/2093723?tstart=0

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

lichuan liu
Level 1
Level 1
In response to varrao

‎07-15-2011 02:01 AM

Hi Varun

     thank you!

    it is not same sitiuation i have.

    may i clear my problem again.

    customer has one asa 5580, one inside interface, connect one inside server.

     two outside interface, these two outside interface connect to internet. one connect to ISPA,one connect to ISPB.different address space.

    

    custome config  two static map ,map same inside server to ISPA and ISPB address.

     the traffic is coming from internet( may be usa,europe,anywhere),     customer want implement this:

     when traffic is coming from ISPA, return traffic to internet will pass through ISPA interface

     when traffic is coming from ISPB,return traffic to internet  will pass through ISPB interface

     the server in inside interface will never originate traffic when there is no traffic from outside internet.

     thank you!

   Tom

0 Helpful

varrao
Level 10
Level 10
In response to lichuan liu

‎07-15-2011 03:13 AM

Hi Tom,

If I understand your requirement, there is no need for internet access from inside to outside, but only access from outside to inside. So based on this we can try this configuration:

Lets say you configure two interfaces ISPA and ISPB.

so for ISPA:

lets say the server IP is 2.2.2.2

access-list policy_ispa permit ip any host 2.2.2.2

nat (ISPA) 1 access-list policy_ispa

global (inside) 1 interface

static (inisde,ISPA) 2.2.2.2 10.1.1.1

for ISPB:

access-list policy_ispb permit ip any host 2.2.2.2

nat (ISPB) 2 access-list policy_ispb

global (inside) 2 interface

static (inside,ISPB) 2.2.2.2 10.1.1.1

This might help us with it, and you would definitely need a route for it:

route ISPA 0.0.0.0 0.0.0.0 1

route ISPB 0.0.0.0 0.0.0.0 100

I haven't tested any such configuration, but by logic, it should work.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card