route backup 188.8.131.52 255.255.255.255 184.108.40.206 10 (note the weight of this second route)
The track 123 monitors the real IP address of the primary server (220.127.116.11), so when this server is down, the ASA automatically changes the route to 18.104.22.168, using 22.214.171.124 as next-hop instead of 126.96.36.199. This works fine.
But we also need to hide the IP address 188.8.131.52 from the clients that access through the outside interface. So, we use a static NAT mapping the IP 184.108.40.206 with the IP 220.127.116.11.
static (primary,outside) 18.104.22.168 22.214.171.124
static (backup,outside) 126.96.36.199 188.8.131.52
The problem is that if I do this, neither of the statics works (OF COURSE, conceptually this totally makes sense to me).
I have to choose only one of the two "statics", the primary or the backup interface. What I actually need is for the ASA to map the global IP to the local IP through the interface where the route to the virtual IP address is active at that moment, and all this has to be automatic.
We had recently migrated from one Cisco 1811 Router to this ASA, and with the router this works just fine (sure, no INTERFACE mapping is needed for the static).
It appears that he has a single ISP but two local interfaces that one real server exists behind.
This server has two NICs behind two different interfaces on the ASA; both these NICs have IP addresses in 2 different networks, but share a third, virtual IP address. He is trying to NAT this virtual IP address to one translated IP, but on two different internal interfaces.
As far as I can see this is not possible.
The reason being that the destination NAT will disregard whatever route is in place. This can be seen if someone has a static NAT incorrectly configured. Like:
static (inside,outside) 10.1.1.1 192.168.1.1
and even though the routing table may say 192.168.1.1 is actually on the DMZ, the packet is going to be pushed out the inside and you will get an error in the logs that says "no route to host".
Hopefully this will show where the flaw in the config is...
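The behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model in which a matching static pins the egress interface before any route lookup. The `forward` function, the `dmz` interface name and the 192.168.1.0/24 route are assumptions made for illustration; only the static itself comes from the reply.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class StaticNat:
    # Mirrors: static (real_if,mapped_if) mapped_ip real_ip
    real_if: str
    mapped_if: str
    mapped_ip: str
    real_ip: str

@dataclass(frozen=True)
class Route:
    iface: str
    prefix: str
    metric: int = 1

def forward(dst_ip, in_if, statics, routes):
    """Return (egress_if, real_dst, verdict) for a packet arriving on in_if."""
    pinned, real_dst = None, dst_ip
    # Step 1: un-translate. A matching static fixes the egress interface.
    for s in statics:
        if s.mapped_if == in_if and s.mapped_ip == dst_ip:
            pinned, real_dst = s.real_if, s.real_ip
            break
    # Step 2: route lookup. Once pinned, only routes on that interface count.
    addr = ipaddress.ip_address(real_dst)
    candidates = [r for r in routes
                  if addr in ipaddress.ip_network(r.prefix)
                  and (pinned is None or r.iface == pinned)]
    if not candidates:
        return pinned, real_dst, "drop: no route to host"
    best = max(candidates,
               key=lambda r: (ipaddress.ip_network(r.prefix).prefixlen, -r.metric))
    return best.iface, real_dst, "forward"

# Constructed sample data: the routing table says 192.168.1.1 lives on the DMZ.
ROUTES = [Route("dmz", "192.168.1.0/24")]
# The misconfigured static from the reply names "inside" as the real interface.
WRONG = [StaticNat("inside", "outside", "10.1.1.1", "192.168.1.1")]
# The same translation bound to the interface the route actually uses.
FIXED = [StaticNat("dmz", "outside", "10.1.1.1", "192.168.1.1")]

if __name__ == "__main__":
    print(forward("10.1.1.1", "outside", WRONG, ROUTES))
    print(forward("10.1.1.1", "outside", FIXED, ROUTES))
```

In this model the route table never gets a chance to override the interface named in the static, which is why a tracked route that moves to another interface cannot rescue a static bound to the original one.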
There are two servers, not only one, and each server is located at a different place and connected to a different interface of the ASA.
We don't have any problem with the routes. Only the problem with this static.
As far as I know too, it is not possible to do what I need with the ASA, but I actually use version 8.0.(4) in the ASA, and I was looking to see if a workaround exists, considering the new 8.3 version of the ASA and all the new NAT features this version has.
I really need to solve this. Also, I think it is not a bad idea to have a feature that can help with this kind of thing.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...