Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
704
Views
0
Helpful
3
Replies

Routing and natting Two different pools of public ip address

sonacolombia
Level 1
Level 1

‎06-12-2011 10:46 AM - edited ‎03-11-2019 01:44 PM

Hi

I have a question about if something is possible with an ASA.

Actually the customer has the inside interface, a DMZ and the outside. For the outside the ISP deliver a set of IP address for all the servers and the inside network go to the internet and this will be configured as a default network in the ASA. A different ISP with 5 public ip addresses for 5 servers is also configured at this time.

Is there any way to integrate this in the ASA without contexts? (I need to set VPNs). If I put the main ISP as a default route for everything then I dont know how to make work the second ISP just for the five servers to go trought the internet and natting.

We know asa does not support policy based routing so we dont know if for the 5 servers we could go all traffic for the default interface and just public the natting of the public addresses for the second interface of the ISP so the traffic of this servers could leave for the default interface and return for the second interface.

Thanks

JMC

Labels:
0 Helpful
3 Replies 3

varrao
Level 10
Level 10

‎06-12-2011 11:15 AM

Hi Jose,

What code are you running for the ASA??? And you want to access 5 particular servers from your second ISP line????

This might be given a try as I have done it for versin 8.4. Do let me know.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

sonacolombia
Level 1
Level 1
In response to varrao

‎06-12-2011 11:39 AM

Hi I've not done any code yet as im on the lab stage before going to the customer.

Yes, i want to access five particular servers from my second ISP line as they gave me a second subset of ip address trough a second line.

Is this possible?

Do you have a confguration you can share with me?

Thank you

JMC

0 Helpful

varrao
Level 10
Level 10
In response to sonacolombia

‎06-14-2011 11:21 AM

Hi Jose,

Sorry for the late reply....

Yes we can possiblily do it, here's the config:

nat (outside2) 1 0.0.0.0 0.0.0.0

global (inside) 1 interface

static (inside,outside2)  

this should work for us, where outside2 is the backup ISP interface.

let me know how it goes, do let me know if you are using ASA 8.3 or later, beacuse these NATY commands would be different in that case.

Hope this helps,

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card