11-08-2008 03:53 AM - edited 03-11-2019 07:10 AM
Hi, We have two ISP links following:
1) 1.1.1.0/24-----Outside
2) 2.2.2.0/24-----Outside2
Internal Network : 192.168.10.0/24-Inside
Using commands for natting and patting i.e
nat (Inside) 1 192.168.10.0 255.255.255.0
global (outside) 1 interface
Now I want to use static natting and allot one static public IP from the range of Ist ISP Provider Pool 1.1.1.2---Map with----192.168.10.2
And second public IP wud use from the 2nd ISP Provider pool 2.2.2.2----map with---192.168.10.3
All Internal Traffic are going out from outside Interface that means first static IP will work but how its possible that the second static natting 2.2.2.2 traffic to be bypass from second outside link (Outside2). Please help.
11-08-2008 09:31 AM
Ray, are you configuring asa for backup isp?
with above link you can try for inbound traffic through backup isp via (outside2) .
global (outside) 1 interface
global (outside2) 1 interface
route outside 0.0.0.0 0.0.0.0
route outside2 0.0.0.0 0.0.0.0
sla monitor 123
type echo protocol ipIcmpEcho
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
Then static NAT and inbound acl to allow traffic to both hosts
static (inside,outside) 1.1.1.2 192.168.10.2 netmask 255.255.255.255
static (inside,outside2) 2.2.2.2 192.168.10.3 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host 1.1.1.2 eq
access-group outside_access_in in interface outside
access-list outside2_access_in extended permit tcp any host 2.2.2.2 eq
access-group outside2_access_in in interface outside2
HTH
Jorge
11-08-2008 08:17 PM
Hi Jorge,
Thanks for your reply. Here I don't want to use ISP outside2 as a backup link, just want to know if i dont use nat and global commands and instead of that i use only static commands like follwoing:
static (inside,outside) 1.1.1.2 192.168.10.2 netmask 255.255.255.255
static (inside,outside2) 2.2.2.2 192.168.10.3 netmask 255.255.255.255
Will both Internal Servers be accessible from outside network from its own Public Address difined and can i access the internet from Servers as I believe that Nat and PAT are used only other machines which are not using static IP's and what would be the route commands in this case?
And what is a use of these commands:
sla monitor 123
type echo protocol ipIcmpEcho
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: