08-22-2016 05:16 PM
Pardon any ignorance in the question. I have an ASA 5515-X at my workplace and we just added a second ISP to one of the interfaces. We have two servers on the inside of our network and we would like each server to use one of the internet connections the ASA is connected to. Is there any way I can place one server to send all its content out one pipe and the other server through the other, without each interfering with the other? Any help would be appreciated. Thanks in advance.
08-23-2016 12:27 AM
Hello,
I haven't tried the below before, but I guess you can.
Try the below config:
Example 1
interface gi0/1
 nameif ISP_1
 security-level 0
 ! replace with your real IP
 ip address 1.1.1.1 255.255.255.252
interface gi0/2
 nameif ISP_2
 security-level 0
 ! replace with your real IP
 ip address 2.2.2.1 255.255.255.252
interface gi0/3
 nameif INSIDE
 security-level 100
 ip address 192.168.1.1 255.255.255.0
object network SERVER_1
 host 192.168.1.10
 nat (INSIDE,ISP_1) dynamic interface
object network LAN_TO_INTERNET
 ! Note that server 2 will fall together with your inside address
 subnet 192.168.1.0 255.255.255.0
 nat (INSIDE,ISP_2) dynamic interface
Example 2 (Server resides on DMZ) Static PAT will be used
interface gi0/1
 nameif ISP_1
 security-level 0
 ! replace with your real IP
 ip address 1.1.1.1 255.255.255.252
interface gi0/2
 nameif ISP_2
 security-level 0
 ! replace with your real IP
 ip address 2.2.2.1 255.255.255.252
interface gi0/3
 nameif INSIDE
 security-level 100
 ip address 192.168.1.1 255.255.255.0
interface gi0/4
 nameif DMZ
 security-level 100
 ip address 192.168.20.1 255.255.255.0
! The servers sit on the DMZ subnet, so DMZ is the real interface in the nat statements
object network SERVER_1
 host 192.168.20.10
 ! This will allow anything from and to port 80
 nat (DMZ,ISP_1) static interface service tcp 80 80
! The second server needs its own object name
object network SERVER_2
 host 192.168.20.20
 nat (DMZ,ISP_2) static interface service tcp 80 80
Check http://www.tunnelsup.com/nat-for-cisco-asas-version-8-3 for more examples.
HTH.
Regards,
Terence
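Example 1 depends on the order in which the ASA evaluates object (auto) NAT rules: static rules before dynamic ones, then fewest real addresses first, then lowest address, then object name. The Python model below is an added example, not part of the original post and not Cisco code; the rule tuples and the 192.168.1.20 address for the second server are constructed, and the egress interface is supplied as an input rather than derived from a routing table.

```python
import ipaddress

# Constructed model of the two object-NAT rules from Example 1.
# (object name, real addresses, rule type, real interface, mapped interface)
RULES = [
    ("LAN_TO_INTERNET", "192.168.1.0/24", "dynamic", "INSIDE", "ISP_2"),
    ("SERVER_1", "192.168.1.10/32", "dynamic", "INSIDE", "ISP_1"),
]


def auto_nat_order(rules):
    """Sort rules the way auto NAT orders them, regardless of how they were typed."""
    def key(rule):
        name, real, kind, _real_ifc, _mapped_ifc = rule
        net = ipaddress.ip_network(real)
        return (
            0 if kind == "static" else 1,   # static rules first
            net.num_addresses,              # fewest real addresses first
            int(net.network_address),       # then lowest address
            name,                           # then object name
        )
    return sorted(rules, key=key)


def first_match(src_ip, egress=None, rules=RULES):
    """Return (object, mapped interface) of the first rule that applies.

    egress: interface the packet is leaving through (assumed input). A rule
    written as (INSIDE,ISP_1) only applies to traffic between those two
    interfaces, so a packet leaving via ISP_2 skips it.
    """
    src = ipaddress.ip_address(src_ip)
    for name, real, _kind, _real_ifc, mapped_ifc in auto_nat_order(rules):
        if egress is not None and mapped_ifc != egress:
            continue
        if src in ipaddress.ip_network(real):
            return name, mapped_ifc
    return None


if __name__ == "__main__":
    for ip, out in [("192.168.1.10", None), ("192.168.1.20", None),
                    ("192.168.1.10", "ISP_2")]:
        print(ip, out, "->", first_match(ip, out))
```

The third case shows what to check with `show nat` and `show route` on the device: if the server's traffic actually leaves through ISP_2, the host rule is skipped and the subnet rule translates it instead.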
08-23-2016 09:19 AM
Very helpful, I contacted a Cisco tech and he did just that. I had forgotten to place the second static route for the second ISP and he set my NAT to work correctly. Thanks for the assistance.