12-05-2012 04:23 PM - edited 03-07-2019 10:25 AM
Hi to all... This is by far the biggest sucker... I've spent hours and hours, so now I'm starting with a CCNA... but
I have an ASA 5505 firewall connected to my LAN, and from the firewall to my Cisco 819 3G Cellular...
Everything is working... I'm getting on the net, and I'm receiving what I want... SMTP, FTP, etc.
That is done, I think, with a NAT rule that NATs everything in to my ASA, which then filters and translates to the right internal IP.
My LAN is 192.168.0.0/24, my ASA is 192.168.0.10 on the LAN side, and on the WAN it's 10.10.10.2.
My router is then 10.10.10.1 and my public IP is on my Cel 0 interface...
So far so good...
I would then try to take my new connection and put that into a port called Gigabit 0 (WAN) and then... make policy-based routing... e.g. when I make traffic on port 80 it should use my ADSL connection...
I can make it work, almost...
Well... I can make it take the right route (via ADSL) and also back... BUT
All my normal incoming traffic is then not working... neither on CEL 0 nor on GIGABIT 0.
I don't need IP SLA...
What should I post for you guys?
My starting config without PBR and only one ISP, or the config with PBR?
I would like it to react like it does now... it NATs or routes everything directly to my ASA... and it does the firewall thing and VPN stuff and NAT.
These are some of the commands I think I should use?
! Traffic selected for policy routing (HTTP, HTTPS, DNS)
access-list 101 permit tcp 10.10.10.0 0.0.0.255 any eq www
access-list 101 permit tcp 10.10.10.0 0.0.0.255 any eq 443
access-list 101 permit udp 10.10.10.0 0.0.0.255 any eq domain
! One NAT overload rule per ISP-facing interface
ip nat inside source route-map nat_isp1_rm interface Cellular0 overload
ip nat inside source route-map nat_isp2_rm interface GigabitEthernet0 overload
ip access-list extended nat_isp1
 permit tcp 10.10.10.0 0.0.0.255 any
ip access-list extended nat_isp2
 permit ip 10.10.10.0 0.0.0.255 any
route-map nat_isp1_rm permit
 match ip address nat_isp1
 match interface cel 0
route-map nat_isp2_rm permit
 match ip address nat_isp2
 match interface gigabit 0
 set ip next-hop 95.166.108.1
! Policy route: send traffic matching ACL 101 to next hop 95.166.108.1
route-map redirect permit
 match ip address 101
 set ip next-hop 95.166.108.1
! Apply the policy route-map on interface Vlan1
int vlan 1
 ip policy route-map redirect
12-05-2012 07:41 PM
Hi,
You need to use the translated IP from ISP 2, because once your traffic reaches the ASA it is translated to a public IP.
You need to define 2 pools on the ASA for NAT and configure PBR on your router.
Thanks
12-06-2012 02:28 AM
Okay, sorry, could you give an example?
Right now it's working when only using 1 ISP, so are you sure it's on the ASA I should do a new NAT?
Would it be two rotary NAT pools that NAT everything in to the ASA, or in the router? One for each ISP?
How do I make NAT pools that forward all pools? Can I use, like in an ACL, IP any?
Can you give me an example ?