Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA 5510 service based

Is there a way to NAT based on availability of a protocol?  Put another way can the ASA have a NAT entry for a web server that includes a primary inside address, and a secondary inside address to use in case the primary isn't responding?

I know this is the realm of load balancers, but I have a special situation with limited resources.



Community Member

Re: ASA 5510 service based

Hi Rick,

For this situation I guess you would need to add NAT and ACL statements for both the Primary and secondary IP's.

Whenever the Primary IP fails and the server fallback to secondary then, the ASA would start using the second nat statement for the request coming in for your secondary IP.

Now I understand you would have only one public ip for both the primary and secondary private ip, is that so???

Community Member

ASA 5510 service based

Also wats the code that you using on the ASA.

Community Member

Re: ASA 5510 service based

this is not possible

you can not statically map a public to 2 different private IP's to the same public IP on the same port

either you do port forwarding for 2 differant IP's on 2 differant ports like below

stat (in,out) tcp 80 80

stat (in,out) tcp 443 443

but that does not solve you problem

so basically what you are trying to achive is not possible.

ASA 5510 service based


I know this is a load balancing solution but do you manage the DNS Server for the web server? If so you could implement DNS round-robin:



CreatePlease to create content