
dual homed ASA is using both NAT/PAT addresses

So I have a dual-homed ASA using IP SLA with tracking for my routes to set outside1 as the primary link:

 


nat (any,outside1) after-auto source dynamic Internal interface
nat (any,outside2) after-auto source dynamic Internal interface

route outside1 0.0.0.0 0.0.0.0 XXX.XXX.54.XXX 1 track 1
route outside2 0.0.0.0 0.0.0.0 XXX.XXX.108.XXX 254

 

 

The issue is that somehow a few devices are getting NATted to XXX.XXX.108.XXX (outside2)

 

How can I prevent devices from NATting to outside2 unless outside1 is down?

 

 

Thanks for your help!

 

 


Re: dual homed ASA is using both NAT/PAT addresses

The issue is that somehow a few devices are getting NATted to XXX.XXX.108.XXX (outside2)

 

I believe you should use the syntax below for the backup route:

 

route backup 0.0.0.0 0.0.0.0  XXX.XXX.108.XXX 254

 

Refer to the guide below:

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118962-configure-asa-00.html

BB
*** Rate All Helpful Responses ***

Re: dual homed ASA is using both NAT/PAT addresses

Hi,

 

   Maybe at some point the SLA went down and thus routing/NAT changed? For those IPs which get NAT'ed by the second NAT statement, run a "packet-tracer" and see which route/NAT entry it matches.

 

Regards,

Cristian Matei.
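
One way to read the packet-tracer output suggested in the reply above, as an added example that is not part of the original thread: the script pulls out the egress interface chosen by the route lookup and the NAT rule that matched, so an affected host can be checked against outside1. The trace text is constructed and abbreviated, and the ingress interface name "inside" and all addresses are assumed placeholders.

```python
import re

# Constructed, abbreviated packet-tracer output (not captured from a real ASA).
# Assumed command: packet-tracer input inside tcp 10.1.1.10 12345 198.51.100.10 443
# "inside" and every address below are placeholders.
SAMPLE = """\
Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop 203.0.113.1 using egress ifc  outside2

Phase: 2
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (any,outside2) after-auto source dynamic Internal interface
Additional Information:
Dynamic translate 10.1.1.10/12345 to 203.0.113.2/12345

Result:
input-interface: inside
output-interface: outside2
Action: allow
"""

def summarize(trace, primary="outside1"):
    """Return route egress interface, matched NAT rule and final egress interface."""
    out = {"route_egress": None, "nat_rule": None, "output_interface": None}
    for block in re.split(r"\n\s*\n", trace.strip()):  # one block per phase
        kind = re.search(r"^Type:\s*(\S+)", block, re.M)
        if kind and kind.group(1) == "ROUTE-LOOKUP":
            m = re.search(r"using egress ifc\s+(\S+)", block)
            out["route_egress"] = m.group(1) if m else out["route_egress"]
        elif kind and kind.group(1) == "NAT":
            # NAT phases without a rule under Config: keep the earlier match
            m = re.search(r"^(nat \(.*)$", block, re.M)
            out["nat_rule"] = m.group(1).strip() if m else out["nat_rule"]
        m = re.search(r"^output-interface:\s*(\S+)", block, re.M)
        if m:  # only present in the final Result block
            out["output_interface"] = m.group(1)
    out["on_primary"] = out["output_interface"] == primary
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
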