2 ISP nat problem

Nov 17th, 2008

Good day.

Our topology is:


          ----1841----ISP1
          |
ASA5510---
          |
          ----1841----ISP2

We use EIGRP for route redistribution.

Both 1841s have static NAT rules for our inside services. When an outside client is trying to connect to one of the translated outside IP addresses (for example the first one), he may receive incoming packets from the other address (the second). So is there a way to restrict outgoing NAT sessions to the route they originated from?

Please excuse my English. Any feedback will be greatly appreciated.



mtebaccount Mon, 11/17/2008 - 00:46

Hmm, I don't think it's exactly our case. Basically we have 2 different outside address pools, translation from each of them leads to one inside host, but it seems that the ASA routes all outgoing NAT translations only over one pool.



__________________--1841(nat 1.1.1.1)

10.10.10.1 --ASA--

__________________--1841(nat 2.2.2.2)


So basically, the client is connecting to 1.1.1.1, and everything works fine, his session is translated to 10.10.10.1.

But when he is trying to connect to 2.2.2.2, the session is returned to him over 1.1.1.1.


Probably something is wrong with EIGRP redistribution. If this is the overlapping network case, then please excuse my poor knowledge.

Mohamed Sobair Mon, 11/17/2008 - 02:00

Hi,


No, this is not Overlapping Network, and please excuse my poor understanding.


Probably it's a routing issue.



HTH

Mohamed

mtebaccount Mon, 11/17/2008 - 02:12

Seems like routing to me as well. Is there a way to configure the ASA to route incoming sessions back to the router they originated from (topology with 2 ISPs)?

sdoremus33 Mon, 11/17/2008 - 10:37

Please provide the config for the 1841, and the ASA. Thanks

One option is to deploy split tunneling, which might alleviate your problem, but first I need to look at the config. Thanks
