NAT exempt question

hantonov42
Level 1

Hello,

I have two sites interconnected by MPLS. Each site has an ASA and is connected to the internet. I'm trying to set up failover for internet connectivity so that, when the ISP connection at one site is down, the internet traffic is routed into MPLS and then to the ISP at the other site. The SLA monitoring is working, but the NAT is converting the traffic since it is not covered by a NAT exempt rule, and I do not see a way to exempt depending on the outgoing interface. Any suggestions?

1 Reply

ccarreto
Level 1

I built such a scenario for a colleague. Instead of using MPLS I used a WAN link (doesn't matter).

I only back up ASA 2, but it should run both ways.

Routing protocol RIPv2

Internet
|
ASA 1
|
inside - 192.168.16.0/21
|
WAN
|
inside - 192.168.32.0/21
|
ASA 2
|
internet

NAT configuration on ASA 1
--------------------------
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
route outside 0.0.0.0 0.0.0.0 81.x.x.x

Configuration ASA 2
-------------------
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 82.x.x.x 1 track 1
sla monitor 1
 type echo protocol ipIcmpEcho 81.x.x.x interface outside
 num-packets 3
 frequency 10
sla monitor schedule 1 life forever start-time now
! track object that ties "track 1" on the route above to SLA monitor 1
track 1 rtr 1 reachability
router rip
 network 192.168.32.0
 redistribute static metric 1
 version 2
 no auto-summary

If the Internet on ASA 2 goes down, the default-route to ASA 1 will work.

Hope it helps.
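
An added example, not part of the reply above and not Cisco tooling: a small Python check that a tracked default route of the kind used on ASA 2 has its whole chain in place (route, track object, SLA monitor, schedule), since the failover only happens if every link exists. The sample configs are constructed and use documentation addresses; `check_tracked_routes` is a hypothetical helper name.

```python
import re

# Constructed sample config (documentation addresses, not from the thread).
COMPLETE = """\
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1 track 1
sla monitor 1
 type echo protocol ipIcmpEcho 203.0.113.1 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
"""
# Same config with the track binding left out.
MISSING_TRACK = COMPLETE.replace("track 1 rtr 1 reachability\n", "")


def check_tracked_routes(config):
    """Return a list of problems in the route -> track -> sla monitor chain."""
    lines = [l.strip() for l in config.splitlines()]
    routes = {}      # track id -> route line that references it
    tracks = {}      # track id -> sla monitor id it watches
    monitors, scheduled = set(), set()
    for line in lines:
        if m := re.match(r"route \S+ \S+ \S+ \S+(?: \d+)? track (\d+)$", line):
            routes[m.group(1)] = line
        elif m := re.match(r"track (\d+) rtr (\d+) reachability$", line):
            tracks[m.group(1)] = m.group(2)
        elif m := re.match(r"sla monitor schedule (\d+) ", line):
            scheduled.add(m.group(1))
        elif m := re.match(r"sla monitor (\d+)$", line):
            monitors.add(m.group(1))
    problems = []
    for tid, route in routes.items():
        sla = tracks.get(tid)
        if sla is None:
            problems.append(f"track {tid} used by '{route}' is not defined")
        elif sla not in monitors:
            problems.append(f"track {tid} points at undefined sla monitor {sla}")
        elif sla not in scheduled:
            problems.append(f"sla monitor {sla} is defined but never scheduled")
    return problems


if __name__ == "__main__":
    for name, cfg in (("complete", COMPLETE), ("missing track", MISSING_TRACK)):
        print(name, "->", check_tracked_routes(cfg) or "ok")
```
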
