Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
419
Views
0
Helpful
5
Replies

2 ISP nat problem

mtebaccount
Level 1
Level 1

‎11-17-2008 12:14 AM - edited ‎03-04-2019 12:21 AM

Good day .

Our topology is :

----1841----ISP1

|

ASA5510---

|

----1841----ISP2

We use EIGRP for routes redistribution.

Both 1841 has static nat rules for our inside services. When outside client is trying to connect to one of the translated outside ip adresses(for example the first one) he may recieve incoming packets from the other adress (second). So is there a way to restrict outgoing nat sessions to the route it was originated from.

Please excuse my english. Any feedback will be greatly appretiated.

Labels:
0 Helpful
5 Replies 5

Mohamed Sobair
Level 7
Level 7

‎11-17-2008 12:26 AM

Hi,

If you mean you have overlapping Network, then please refer to the bellow example, it shows how to configure (NAT in Overlapping Network):

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f30.shtml

HTH

Mohamed

0 Helpful

mtebaccount
Level 1
Level 1
In response to Mohamed Sobair

‎11-17-2008 12:46 AM

hmm , dont think its exactly our case . Basicly we have 2 different outside adress pools , translation from each of them leads to one inside host , but it seems that ASA routes all outgoing nat translations only over one pool .

__________________--1841(nat 1.1.1.1)

10.10.10.1 --ASA--

__________________--1841(nat 2.2.2.2)

So basicly , client is connecting to 1.1.1.1 , and everything works fine , his session is translated to 10.10.10.1.

But when he is trying to connect to 2.2.2.2 , the session is returned to him over 1.1.1.1.

Probably something is wrong with eigrp redistribution . If this is the overlapping network case , then please excuse my poor knowledge .

0 Helpful

Mohamed Sobair
Level 7
Level 7

‎11-17-2008 02:00 AM

Hi,

No this is not Overlapping Network, and please execuse my poor understanding.

Probably its a routing issue.

HTH

Mohamed

0 Helpful

mtebaccount
Level 1
Level 1
In response to Mohamed Sobair

‎11-17-2008 02:12 AM

Seems like routing to me as well . Is there a way to configure asa route incoming sessions back to the router they were orginated from (topology with 2 ISP)?

0 Helpful

sdoremus33
Level 3
Level 3
In response to mtebaccount

‎11-17-2008 10:37 AM

Please provide the config for the 1841, and the ASA. Thanks

One option is to deploy split tunneling which might allieviate your problem, but first need to look at the config.Thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card