Static Natting

Unanswered Question
Nov 8th, 2008

Hi, We have two ISP links following:

1) 1.1.1.0/24-----Outside

2) 2.2.2.0/24-----Outside2

Internal Network : 192.168.10.0/24-Inside

Using commands for NAT and PAT, i.e.:

nat (Inside) 1 192.168.10.0 255.255.255.0

global (outside) 1 interface

Now I want to use static NAT and allot one static public IP from the range of the 1st ISP provider pool 1.1.1.2---map with----192.168.10.2

And the second public IP would be used from the 2nd ISP provider pool 2.2.2.2----map with---192.168.10.3

All internal traffic is going out from the outside interface, which means the first static IP will work, but how is it possible for the second static NAT (2.2.2.2) traffic to be bypassed through the second outside link (Outside2)? Please help.

JORGE RODRIGUEZ Sat, 11/08/2008 - 09:31

Ray, are you configuring the ASA for a backup ISP?

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

With the above link you can try for inbound traffic through the backup ISP via (outside2).

global (outside) 1 interface

global (outside2) 1 interface

route outside 0.0.0.0 0.0.0.0 1

route outside2 0.0.0.0 0.0.0.0 <254>

sla monitor 123

type echo protocol ipIcmpEcho interface outside

num-packets 3

frequency 10

sla monitor schedule 123 life forever start-time now

track 1 rtr 123 reachability

Then static NAT and inbound ACL to allow traffic to both hosts:

static (inside,outside) 1.1.1.2 192.168.10.2 netmask 255.255.255.255

static (inside,outside2) 2.2.2.2 192.168.10.3 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host 1.1.1.2 eq log

access-group outside_access_in in interface outside

access-list outside2_access_in extended permit tcp any host 2.2.2.2 eq log

access-group outside2_access_in in interface outside2

HTH

Jorge
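
Added example, not part of the thread and not Cisco's code: a small Python audit that checks every `static` mapping in a config of the form shown above has an inbound ACL bound to its mapped interface that permits the mapped public address. The sample config is constructed, the port 443 is an assumption (the thread's ACL lines show no port), and only the `permit ... any host <ip>` ACL form is recognised.

```python
import re

# Constructed sample in the thread's pre-8.3 syntax. Port 443 is an assumption.
# The outside2 ACL deliberately permits the wrong host so the audit has a finding.
SAMPLE_CONFIG = """\
static (inside,outside) 1.1.1.2 192.168.10.2 netmask 255.255.255.255
static (inside,outside2) 2.2.2.2 192.168.10.3 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host 1.1.1.2 eq 443 log
access-group outside_access_in in interface outside
access-list outside2_access_in extended permit tcp any host 1.1.1.2 eq 443 log
access-group outside2_access_in in interface outside2
"""

# static (real_if,mapped_if) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(r"^static \(([^,\s]+),([^)\s]+)\) (\S+) (\S+) netmask \S+")
ACL_RE = re.compile(r"^access-list (\S+) extended permit \S+ any host (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")


def audit_static_nat(config):
    """Return (mapped_ip, interface, problem) for statics lacking an inbound permit."""
    statics, permits, bound = [], {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            _real_if, mapped_if, mapped_ip, _real_ip = m.groups()
            statics.append((mapped_if, mapped_ip))
        elif m := ACL_RE.match(line):
            permits.setdefault(m.group(1), set()).add(m.group(2))
        elif m := GROUP_RE.match(line):
            bound[m.group(2).lower()] = m.group(1)  # interface -> ACL name
    findings = []
    for mapped_if, mapped_ip in statics:
        acl = bound.get(mapped_if.lower())
        if acl is None:
            findings.append((mapped_ip, mapped_if, "no inbound ACL bound to interface"))
        elif mapped_ip not in permits.get(acl, set()):
            findings.append((mapped_ip, mapped_if, f"{acl} has no permit for this host"))
    return findings


if __name__ == "__main__":
    for finding in audit_static_nat(SAMPLE_CONFIG):
        print(finding)
```
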

ray_stone Sat, 11/08/2008 - 20:17

Hi Jorge,

Thanks for your reply. Here I don't want to use ISP outside2 as a backup link; I just want to know what happens if I don't use the nat and global commands and instead use only static commands like the following:

static (inside,outside) 1.1.1.2 192.168.10.2 netmask 255.255.255.255

static (inside,outside2) 2.2.2.2 192.168.10.3 netmask 255.255.255.255

Will both internal servers be accessible from the outside network via their own defined public addresses, and can I access the Internet from the servers? I believe that NAT and PAT are used only for other machines which are not using static IPs. And what would the route commands be in this case?

And what is the use of these commands:

sla monitor 123

type echo protocol ipIcmpEcho interface outside

num-packets 3

frequency 10

sla monitor schedule 123 life forever start-time now

track 1 rtr 123 reachability
