Static Natting

ray_stone
Level 1

Hi, we have the following two ISP links:

1) 1.1.1.0/24-----Outside

2) 2.2.2.0/24-----Outside2

Internal Network : 192.168.10.0/24-Inside

We are using these commands for NAT and PAT, i.e.:

nat (Inside) 1 192.168.10.0 255.255.255.0

global (outside) 1 interface

Now I want to use static NAT and allot one static public IP from the range of the 1st ISP provider pool: 1.1.1.2---map with----192.168.10.2

And the second public IP would be used from the 2nd ISP provider pool: 2.2.2.2----map with---192.168.10.3

All internal traffic is going out from the outside interface, which means the first static IP will work, but how is it possible for the second static NAT (2.2.2.2) traffic to be bypassed through the second outside link (Outside2)? Please help.

2 Replies

JORGE RODRIGUEZ
Level 10

Ray, are you configuring the ASA for a backup ISP?

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

With the above link you can try for inbound traffic through the backup ISP via (outside2).

global (outside) 1 interface

global (outside2) 1 interface

route outside 0.0.0.0 0.0.0.0 1

route outside2 0.0.0.0 0.0.0.0 <254>

sla monitor 123

type echo protocol ipIcmpEcho interface outside

num-packets 3

frequency 10

sla monitor schedule 123 life forever start-time now

track 1 rtr 123 reachability

Then static NAT and an inbound ACL to allow traffic to both hosts:

static (inside,outside) 1.1.1.2 192.168.10.2 netmask 255.255.255.255

static (inside,outside2) 2.2.2.2 192.168.10.3 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host 1.1.1.2 eq log

access-group outside_access_in in interface outside

access-list outside2_access_in extended permit tcp any host 2.2.2.2 eq log

access-group outside2_access_in in interface outside2

HTH

Jorge

Jorge Rodriguez

Hi Jorge,

Thanks for your reply. Here I don't want to use ISP outside2 as a backup link; I just want to know, if I don't use the nat and global commands and instead use only static commands like the following:

static (inside,outside) 1.1.1.2 192.168.10.2 netmask 255.255.255.255

static (inside,outside2) 2.2.2.2 192.168.10.3 netmask 255.255.255.255

Will both internal servers be accessible from the outside network from their own defined public addresses, and can I access the internet from the servers? I believe that NAT and PAT are used only for other machines which are not using static IPs. And what would be the route commands in this case?

And what is the use of these commands:

sla monitor 123

type echo protocol ipIcmpEcho interface outside

num-packets 3

frequency 10

sla monitor schedule 123 life forever start-time now

track 1 rtr 123 reachability
