Static Natting

Unanswered Question
Nov 8th, 2008

Hi, we have the following two ISP links:

1) 1.1.1.0/24-----Outside

2) 2.2.2.0/24-----Outside2

Internal Network : 192.168.10.0/24-Inside


Using commands for NAT and PAT, i.e.:

nat (Inside) 1 192.168.10.0 255.255.255.0

global (outside) 1 interface


Now I want to use static NAT and allot one static public IP from the range of the 1st ISP provider pool: 1.1.1.2 mapped to 192.168.10.2

And the second public IP would be used from the 2nd ISP provider pool: 2.2.2.2 mapped to 192.168.10.3


All internal traffic is going out from the outside interface, which means the first static IP will work, but how is it possible for the second static NAT 2.2.2.2 traffic to be bypassed through the second outside link (Outside2)? Please help.



JORGE RODRIGUEZ Sat, 11/08/2008 - 09:31

Ray, are you configuring the ASA for a backup ISP?


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml


With the above link you can try for inbound traffic through the backup ISP via (outside2).


global (outside) 1 interface

global (outside2) 1 interface



route outside 0.0.0.0 0.0.0.0 1

route outside2 0.0.0.0 0.0.0.0 <254>


sla monitor 123

type echo protocol ipIcmpEcho interface outside

num-packets 3

frequency 10


sla monitor schedule 123 life forever start-time now


track 1 rtr 123 reachability



Then static NAT and an inbound ACL to allow traffic to both hosts:



static (inside,outside) 1.1.1.2 192.168.10.2 netmask 255.255.255.255

static (inside,outside2) 2.2.2.2 192.168.10.3 netmask 255.255.255.255



access-list outside_access_in extended permit tcp any host 1.1.1.2 eq log

access-group outside_access_in in interface outside


access-list outside2_access_in extended permit tcp any host 2.2.2.2 eq log

access-group outside2_access_in in interface outside2




HTH

Jorge
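
The reply above pairs each static NAT with an inbound ACL bound to the same outside interface; in this pre-8.3 syntax the ACL has to name the mapped (public) address. The following check for that pairing is an added example, not part of Jorge's reply or of any Cisco tooling; the function name `audit_static_nat`, the sample config and port 443 are assumptions made for illustration.

```python
import re

# Constructed sample in the pre-8.3 ASA syntax used in this thread. The port
# (443) is an assumption: the ACL lines in the reply do not show one. The
# outside2 ACL deliberately repeats the outside address, a copy-paste slip.
SAMPLE_CONFIG = """\
static (inside,outside) 1.1.1.2 192.168.10.2 netmask 255.255.255.255
static (inside,outside2) 2.2.2.2 192.168.10.3 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host 1.1.1.2 eq 443 log
access-group outside_access_in in interface outside
access-list outside2_access_in extended permit tcp any host 1.1.1.2 eq 443 log
access-group outside2_access_in in interface outside2
"""

STATIC_RE = re.compile(
    r"^static \(([^,\s]+),([^)\s]+)\) (\S+) (\S+) netmask \S+", re.M)
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)", re.M)
# Only 'permit <proto> any host <ip>' entries are recognised; wider
# destinations (subnets, object-groups) are not evaluated here.
PERMIT_RE = re.compile(
    r"^access-list (\S+) extended permit \S+ any host (\S+)", re.M)


def audit_static_nat(config):
    """Return (mapped_if, mapped_ip, problem) for each static NAT whose mapped
    interface has no inbound ACL entry permitting the mapped address."""
    acl_on_if = {ifname: acl for acl, ifname in GROUP_RE.findall(config)}
    permitted = {}
    for acl, host in PERMIT_RE.findall(config):
        permitted.setdefault(acl, set()).add(host)

    findings = []
    for _real_if, mapped_if, mapped_ip, _real_ip in STATIC_RE.findall(config):
        acl = acl_on_if.get(mapped_if)
        if acl is None:
            findings.append((mapped_if, mapped_ip, "no inbound access-group"))
        elif mapped_ip not in permitted.get(acl, set()):
            findings.append((mapped_if, mapped_ip, f"{acl} has no permit for host"))
    return findings


if __name__ == "__main__":
    for finding in audit_static_nat(SAMPLE_CONFIG):
        print(finding)
```
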

ray_stone Sat, 11/08/2008 - 20:17

Hi Jorge,


Thanks for your reply. Here I don't want to use ISP outside2 as a backup link; I just want to know what happens if I don't use the nat and global commands and instead use only static commands like the following:


static (inside,outside) 1.1.1.2 192.168.10.2 netmask 255.255.255.255

static (inside,outside2) 2.2.2.2 192.168.10.3 netmask 255.255.255.255


Will both internal servers be accessible from the outside network from their own defined public addresses, and can I access the Internet from the servers, as I believe that NAT and PAT are used only for other machines which are not using static IPs? And what would be the route commands in this case?


And what is the use of these commands:


sla monitor 123

type echo protocol ipIcmpEcho interface outside

num-packets 3

frequency 10


sla monitor schedule 123 life forever start-time now


track 1 rtr 123 reachability
