Cisco ASA : Two inside interfaces and NAT/Port forwards.

Unanswered Question
Jun 7th, 2014
User Badges:

Due to having two routers on the inside of an ASA running HSRP for fail over purposes I have two inside interfaces. For example:

ASA

Int GE0/0 : 8.8.8.8 (outside)
Int GE0/1 : 10.0.0.1/30 (inside1)
Int GE0/2 : 10.0.1.1/30 (inside2)

Cisco Router Primary
Int GE0/0 : 10.0.0.2/30
Int GE0/1 : 192.168.1.254/24 (standby IP)
Int GE0/2 : 192.168.5.254/24 (standby IP)

Cisco Router backup
Int GE0/0 : 10.0.1.2/30
Int GE0/1 : 192.168.1.254/24 (standby IP)
Int GE0/2 : 192.168.5.254/24 (standby IP)

Due to the the way the failover works traffic could come into the ASA via either the "inside" or "inside2" interface.

When setting NAT and port forwards you have to specify the inside and outside interface for it to work. I don't want to have to remove and re-apply all the port forwards if the primary router fails and traffic starts to come into the ASA on the inside2 interface.

Is there an easier way to do this?

Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Marius Gunnerud Sat, 06/07/2014 - 13:29
User Badges:
  • Red, 2250 points or more
  • Cisco Designated VIP,

    2017 Firewalling

You don't need to remove the NAT commands for the inside interface when it has failed.  Why not just have two sets of NAT commands that are exactly the same, except one set references inside1 and the other references inside2?

--

Please remember to select a correct answer and rate helpful posts

Actions

This Discussion