NAT exempt question

Unanswered Question
Dec 7th, 2008


I have two sites interconnected by MPLS. Each site has an ASA and is connected to the internet. I'm trying to set up failover for internet connectivity so that, when the ISP connection at one site is down, the internet traffic is routed into MPLS and then to the ISP at the other site. The SLA monitoring is working, but the NAT is converting the traffic since it is not covered by a NAT exempt rule, and I do not see a way to exempt depending on the outgoing interface. Any suggestions?

ccarreto Mon, 12/08/2008 - 06:53

I built such a scenario for a colleague. Instead of using MPLS I used a WAN link (doesn't matter).

I only back up ASA 2, but it should run both ways.

Routing protocol RIPv2





inside -




inside -





NAT configuration on ASA 1


nat (inside) 1

global (outside) 1 interface

route outside 81.x.x.x

configuration ASA 2


global (outside) 1 interface

nat (inside) 1

route outside 82.x.x.x 1 track 1

sla monitor 1

type echo protocol ipIcmpEcho 81.x.x.x interface outside

num-packets 3

frequency 10

sla monitor schedule 1 life forever start-time now

router rip


redistribute static metric 1

version 2

no auto-summary

If the Internet on ASA 2 goes down, the default-route to ASA 1 will work.

Hope it helps.
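
The setup described in the reply above, written out as an added example (not part of the original post) in the same pre-8.3 nat/global syntax. All addresses are constructed from documentation and private ranges, the `track 1 rtr 1 reachability` line is the binding that a `track 1` route and `sla monitor 1` need, and an inside router running RIPv2 at each site is an assumption.

```cisco
! ---- ASA 2: site whose ISP link is monitored (constructed addresses) ----
! Probe a host reachable only through the local ISP
sla monitor 1
 type echo protocol ipIcmpEcho 192.0.2.1 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 1 life forever start-time now
! Bind track object 1 to SLA operation 1
track 1 rtr 1 reachability
! This default route is installed only while the probe succeeds
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1 track 1
! Dynamic PAT: the only global for NAT ID 1 is on outside
nat (inside) 1 10.2.0.0 255.255.255.0
global (outside) 1 interface
! Advertise the tracked default to the inside router; it is withdrawn
! when the route above is removed, so the router falls back to the
! default it learns across the WAN/MPLS link from site 1
router rip
 network 10.0.0.0
 redistribute static metric 1
 version 2
 no auto-summary
!
! ---- ASA 1: site that carries the failover traffic ----
route outside 0.0.0.0 0.0.0.0 203.0.113.1
! Site 2's subnet arrives on inside during failover and must be covered
! by the PAT rule here, since it is translated once, at the exit ASA
nat (inside) 1 10.1.0.0 255.255.255.0
nat (inside) 1 10.2.0.0 255.255.255.0
global (outside) 1 interface
router rip
 network 10.0.0.0
 redistribute static metric 1
 version 2
 no auto-summary
```

On either ASA, `show track 1` and `show route` confirm whether the tracked default is currently installed, and `show xlate` shows which ASA is translating a given inside host.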

