ISP B was originally plugged into an ASA5510. So on this I have a whole world on NAT and PAT translations for internal servers. My external interface on the ASA was the 126.96.36.199/32 address and I PAT for all internal going outbound. Static NATs are assigned to the /29. So my new topology now looks like this.
What I need to know here is how do I get from firewall to router. If I asssign another /32 between fe0 and gi0/0 do I not end up doing double nat? The end user also manages the firewall at the moment and I dont want to have to do the translations on the router. Is this even possible? I have search the internet for many many hours now trying to find an example but have failed miserably.
But I only want my existing NAT through ISP B. I am using Policy Based Routing on these as I have specific traffic I need to go through ISP A.
Appreciate everyones feedback as Im now numb trying to find the solution.
I think the only way you'll avoid doing NAT on the router itself is if you can use one of your /29 addresses as the new outbound PAT address on your ASA. Either way, you're going to have to create a new /30 range between the ASA and the 2911, and the 2911 will need to have routes to your /29 pointing back to the ASA.
If you don't have an extra address, you'll have to do a PAT on the router interface.
Inviting all network professionals in operations! We'd like to understand what would be valuable for you in a mobile application. Your response will help Cisco improve a product feature that could benefit you. Thanks!
Click here to take the sur...
Cisco’s software-defined wide area network (SD-WAN) solution allows user to quickly and seamlessly establish an overlay fabric to connect an enterprise’s data centers, branch and campus locations, as well as colocation facilities in order to imp...
1. Log into CLI of DNAC:
ssh maglev@< DNAC appliance IP> -p 2222
2. Run this curl command to get token to get member id:
curl -X POST -u admin:<admin user password> -H -V https://<CLUSTER-IP>/api/system/v1/identitymgmt/token
Enterprise Switching Business Unit is glad to announce Beta release 16.12.2 for all Catalyst 9200/9300/9400/9500/9600 and Catalyst 3650/3850 Platforms. This release is made available to allow users to test, evaluate and share fee...
Purpose of the document
This document describes the general recommendations or best practices when designing and deploying the Cisco SD-Access technology. The document assumes that the reader has a general overview of Cisco's SD-Access for Distributed C...