I want to use a different public IP address for NAT from the one assigned to the "outside2" interface. Below are the configs that I have used. When I am running "Config - I" (please see below) everything is fine, I am able to browse, ping etc. We run into problems and nothing works when I run "Config - II".
Have you cleared the translations/xlates for the users that use the "interface" after you have changed it to the "182.x.x.x"?
I can't think of many reasons why it should fail in this situation.
Reasons might be:
Proxy ARP has been disabled on the ASA "outside2" interface with the command "sysopt noproxyarp outside"
The configured IP address is not from the same network as the "outside2" interface's network. And if it's from a different network, it might be that the gateway device doesn't have a route for this IP/subnet towards the current ASA "outside2" IP address.
You can use the "packet-tracer" command to confirm that the Dynamic PAT works and that the traffic is allowed by the ASA.
packet-tracer input inside tcp
It should show what translation is applied for the packet (provided that the traffic is allowed).
You can use the following command to view the active translations for a local host
Do you mean that the gateway IP address of the default route is from different network/subnet than the interface which the route is for?
route outside2 0.0.0.0 0.0.0.0 182.x.x.x 1
Why would you have such a configuration?
I would imagine that you are using an ISP failover and have 2 default routes configured on the ASA and the active ISP link's default route is monitored and changed to the failover link when the active/primary one fails?
With the Failover I didn't mean an ASA Failover pair but your 2 OUTSIDE interfaces mentioned in the original post.
With regards to your setup with the 2 public subnets.
You don't need any route for the secondary subnet used on the ASA. The only place where a route is needed is on the ISP Router in front of the ASA firewall. That route should then be pointing at the ASA's current OUTSIDE interface IP address.