I have a client that has an ASA5520 that has two internet connections, FIOS and Comcast. The ASA is configured to failover from the FIOS to the Comcast if the FIOS fails. This works perfectly fine. However, I was wondering if VPN and other inbound traffic will come into the secondary connection when it is active. I think VPN will work inbound when the FIOS connection fails, but I am not sure about the other inbound connections. I have looked around the forums and Cisco.com for an answer to this question, but cannot find anything definitive.
No, you will need to add statics on the other link and, if possible, either configure DDNS or create two entries on the DNS servers, one with the FIOS and the other with Comcast.
For example, if you have a web server, that device will need to have two public IPs, hence two static translations. That way, if the first link goes down, the client will try to use the other IP and of course will use the secondary link, and then the secondary static NAT entry will take effect.
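The check below is an added example, not part of the original reply: it reads an ASA configuration and reports every published service that has a static on the primary link but none on the secondary, plus a missing inbound access-group on the secondary interface (a check the reply does not mention). It assumes the pre-8.3 `static` command syntax; the interface names `outside` and `backup`, the ACL name, and all addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, pre-8.3 ASA syntax (assumed):
#   static (real_if,mapped_if) [tcp|udp] mapped_ip [port] real_ip [port] netmask ...
# Interface names "outside" (FIOS) and "backup" (Comcast) and all
# addresses (RFC 5737 / RFC 1918) are assumptions, not from the thread.
SAMPLE_CONFIG = """\
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
static (inside,backup) 198.51.100.10 192.168.1.10 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.11 smtp 192.168.1.11 smtp netmask 255.255.255.255
access-group OUTSIDE_IN in interface outside
"""

STATIC_RE = re.compile(r"static \(([^,]+),([^)]+)\) (.+)")
ACL_RE = re.compile(r"access-group \S+ in interface (\S+)")


def parse_statics(config):
    """Map (real_ip, service) -> {mapped_interface: mapped_ip}."""
    table = defaultdict(dict)
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue
        _real_if, mapped_if, rest = m.groups()
        tok = rest.split()
        if tok[0] in ("tcp", "udp"):      # port redirection form
            mapped_ip, real_ip, svc = tok[1], tok[3], f"{tok[0]}/{tok[4]}"
        else:                             # one-to-one host form
            mapped_ip, real_ip, svc = tok[0], tok[1], "ip"
        table[(real_ip, svc)][mapped_if] = mapped_ip
    return table


def failover_gaps(config, primary="outside", secondary="backup"):
    """List published services that stop being reachable after failover."""
    gaps = [f"{ip} {svc}: static on {primary} only"
            for (ip, svc), by_if in sorted(parse_statics(config).items())
            if primary in by_if and secondary not in by_if]
    acl_ifs = {m.group(1) for m in map(ACL_RE.match, config.splitlines()) if m}
    if secondary not in acl_ifs:
        gaps.append(f"no inbound access-group on {secondary}")
    return gaps


def dns_addresses(config, real_ip):
    """Public addresses to publish in DNS for one inside host."""
    return sorted({ip for (r, _), by_if in parse_statics(config).items()
                   if r == real_ip for ip in by_if.values()})
```

`dns_addresses` returns the pair of public IPs that the two DNS entries described above would carry for a given inside host.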