Re: Two host with same nat on ASA 5505

marcelo.sequeira · ‎03-23-2011

Hello
I have 2 web servers that replicate between them (two different internal ip). My idea is that if one of them will not work, the other to do the relay.
I have a Cisco ASA 5505 I can do a nat for each machine. How should I set

PAUL GILBERT ARIAS · ‎03-23-2011

these servers need to be accessed from the outside, right? If so, I assume you have a static NAT for one server (public to private NAT). The ASA doesn't allow to have two different static NAT sharing the same outside IP going to two different internal IPs. You can do port-forwarding which means you can use the same external IP, translate different ports to different IPs.

I assume you want:

outside public IP: x.x.x.x

private IP A: y.y.y.y

private IP B: z.z.z.z

static (inside,outside) x.x.x.x y.y.y.y

static (inside,outside) x.x.x.x z.z.z.z

The above is not allowed. You can do the following:

static (inside,outside) tcp x.x.x.x 80 y.y.y.y 80

static (inside,outside) tcp x.x.x.x 8080 z.z.z.z 80

The above shows port redirection using the same outside IP, two different ports redirected to two different internal IPs with the same destination port.

I hope this clears your question.

marcelo.sequeira · ‎03-24-2011

first of all, thank you very much for your response.
I'm not sure that the solution is expected. My question is to know how to manage afailover on a server. I wish that if one fails, the packets are redirected to the other.
Is this possible from the firewall?

PAUL GILBERT ARIAS · ‎03-24-2011

I don't think that is possible using the ASA.