Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
482
Views
0
Helpful
4
Replies

problem Nat with VPN failover on ASA5512x?

rechard_hk
Level 1
Level 1

‎08-17-2014 07:53 PM

Dear all Expert,

Please help me to advice on static nat ASA5512x with i using failover VPN connection.

Let me share as below:

on my ASA 5515x i'm using 4 interface ( Wan, Lan, localLoop01(VPN01) and localLoop02(VPN02). on my configuration i configure failover VPN from HQ to Branches by LocalLoop 01 and LocalLoop 02. and i'm using IP sla for failover routing . for VPN connection is working with primary( LocalLoop01) and when the primary donw the routing change to Backup ( LocalLoop02) but we problem on Static nat it now work. please see command as below:

nat (inside,localLoop01) source static HQ-LAN HQ-LAN destination static branch01 branch01

nat (inside,localLoop02) source static HQ-LAN HQ-LAN destination static branch01 branch01

if i want to back up VPN up ( LocalLoop02) i need to delete Static nat ( inside,LocalLoop01) then the VPN secondary is up. 

do you konw which command static auto for static, i don't need when the primary donw i need to delete on static .

 

Best Regards,

Rechard

 

Labels:
0 Helpful
4 Replies 4

Karsten Iwen
VIP
VIP

‎08-18-2014 12:24 AM

It's very likely that the problem is only the missing keyword "no-proxy-arp route-lookup" in your NAT-statements:

nat (inside,localLoop01) source static HQ-LAN HQ-LAN destination static branch01 branch01 no-proxy-arp route-lookup
nat (inside,localLoop02) source static HQ-LAN HQ-LAN destination static branch01 branch01 no-proxy-arp route-lookup

 

0 Helpful

rechard_hk
Level 1
Level 1
In response to Karsten Iwen

‎08-18-2014 06:50 PM

Dear Karsten,

 

Thanks you for your command.

I will test this command by end this week becuse now the system is running.

i will let you know after i test. 

Best Regards,

Rechard

0 Helpful

rechard_hk
Level 1
Level 1
In response to rechard_hk

‎09-07-2014 07:26 PM

Dear Karsten,

 

It very nice for your advice !!!!

now it is working on fail over after i follow your command that you gave me.

Could i ask you one question for forwarding port on ASA?

if we have 2 ISP and using forwarding port , if the primary down how can we switch forwarding port to secondary ISP?

 

Best Regards,

Rechard

0 Helpful

Karsten Iwen
VIP
VIP
In response to rechard_hk

‎09-08-2014 12:34 AM

Both incoming port-forwarding will work simultaneously, not only when the primary line is down.

0 Helpful
Customers Also Viewed These Support Documents