12-11-2012 11:33 AM
We have asa connected via vpn
Site 1 is live
Site 2 is in. Standby
We have a web site (asa public server) which is live in site 1. We need to switch this to site 2, as the site 1 dc is shutting down. What we need to do is redirect all traffic hitting the site 1 asa (in case of slow dns update or clients having fixed ip to our service) is it possible to set up public server (open port) to send the traffic over the vpn?
12-11-2012 11:43 AM
If it is a web server and you need to give users access to the webserver located at Site 2. You just setup the NAT for that server accordingly depending on how your sites are connected. Is your site 2 getting to the Internet via Site 1? In that case you just update the NATed IP of the server on the ASA.
But you mentioned VPN so it can also mean that you have an Internet connection at Site 2 with another ASA. So in that case you can just point the DNS entry to an available public IP addres at Site 2 and then NAT that public IP address to the Webserver at Site 2.
12-11-2012 11:59 AM
Thanks but i think you misunderstood what we need to do
When we switch sites (ie change dns) all external traffic should hit the second site asa (which is aleady set up)
What we need to do is ensure any traffic which may hit site one (i.e via slow dns propgation or hard coded access) get redirect to the correct site.
If we can set the public servers on the asa to go over the vpn link between the two sites it would be ideal
12-11-2012 12:52 PM
Then you can just NAT the public IP on the Site 1 ASA to the Site 2 server as well.
12-11-2012 01:15 PM
Yeh tried that but when nating i have to select an named interface, but vpn are not named as interfaces
12-11-2012 01:22 PM
You can't just update the NAT like this...?
network object webserver
host 192.168.1.10 (This would be the IP of the webserver located at Site #2)
nat (inside,outside) static 1.1.1.1 (1.1.1.1 being the public IP)
12-12-2012 06:45 AM
no sorry that does not work
12-12-2012 07:04 AM
What doesn't work in that exactly? How do you have the NAT setup right now?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide