Philip is right. there is no

ChatWithaNinja · ‎01-04-2017

Hey all,

I've got a new position and I'm exploring the existing environment.

I've found that on my ASA 5510 (primary gateway) I've got a single internal IP that is NAT'd to 2 external IP's on different circuits.

The original engineer that set this up did so by creating objects with different names and NAT'ing each to a different external IP.

What kind of behavior would this cause?

This is for a barracuda device handling email.

object network 10.105.10.10_sr01-sf03
nat (DMZ,Outside) static 74.xxx.xx.xx

object network 10.105.10.10
nat (DMZ,outside_failover) static 50.xxx.xx.xx

interface Ethernet0/3.100
description AT&T Public network
vlan 100
nameif Outside
security-level 30
ip address 74.xx.xx.xx 255.255.255.224 standby 74.xx.xx.xx
!
interface Ethernet0/3.105
description VLAN for failover network
vlan 1000
nameif outside_failover
security-level 30
ip address 50.xx.xx.xx 255.255.255.128

interface Ethernet0/2
description DMZ Network
speed 100
duplex full
nameif DMZ
security-level 40
ip address 10.105.10.1 255.255.255.0 standby 10.105.10.2

Philip D'Ath · ‎01-04-2017

That will work fine. Where ever the default route currently points controls which NAT will be used.

Ravi Singh · ‎01-06-2017

Philip is right. there is no problem at all. the 2nd nating is used for failover to obtain high availability. If the first external link down it will switch the traffic to 2nd external link.

One internal IP NAT'd to 2 external IP's