Cisco ASA : Two inside interfaces and NAT/Port forwards.
Due to having two routers on the inside of an ASA running HSRP for fail over purposes I have two inside interfaces. For example:
Int GE0/0 : 126.96.36.199 (outside)
Int GE0/1 : 10.0.0.1/30 (inside1)
Int GE0/2 : 10.0.1.1/30 (inside2)

Cisco Router Primary
Int GE0/0 : 10.0.0.2/30
Int GE0/1 : 192.168.1.254/24 (standby IP)
Int GE0/2 : 192.168.5.254/24 (standby IP)

Cisco Router backup
Int GE0/0 : 10.0.1.2/30
Int GE0/1 : 192.168.1.254/24 (standby IP)
Int GE0/2 : 192.168.5.254/24 (standby IP)
Due to the way the failover works, traffic could come into the ASA via either the "inside" or "inside2" interface.
When setting NAT and port forwards you have to specify the inside and outside interface for it to work. I don't want to have to remove and re-apply all the port forwards if the primary router fails and traffic starts to come into the ASA on the inside2 interface.
You don't need to remove the NAT commands for the inside interface when it has failed. Why not just have two sets of NAT commands that are exactly the same, except one set references inside1 and the other references inside2?
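Keeping two otherwise identical rule sets, as the reply above suggests, only holds up if the sets stay identical; a port forward added for inside1 but forgotten for inside2 goes unnoticed until the primary router fails. The following drift check is an added example, not part of the original thread. It assumes single-line rules of the form `nat (real_if,outside) ...` or legacy `static (real_if,outside) ...`, and the object and service names in the sample are constructed.

```python
import re

# Single-line rules only: "nat (real_if,mapped_if) ..." or the legacy
# "static (real_if,mapped_if) ...". Indented object-NAT lines are skipped.
RULE = re.compile(r"^(nat|static) \((\S+?),(\S+?)\) (.+)$")

# Constructed sample config; object and service names are made up.
SAMPLE = """\
nat (inside1,outside) source static SRV-WEB interface service SVC-HTTPS SVC-HTTPS
nat (inside2,outside) source static SRV-WEB interface service SVC-HTTPS SVC-HTTPS
nat (inside1,outside) source static SRV-MAIL interface service SVC-SMTP SVC-SMTP
nat (inside1,outside) source dynamic any interface
nat (inside2,outside) source dynamic any interface
"""


def rules_by_interface(config, outside="outside"):
    """Map each inside interface to its rules with the interface name removed."""
    found = {}
    for line in config.splitlines():
        if not line or line[0].isspace():
            continue  # blank line or sub-command of an object definition
        m = RULE.match(" ".join(line.split()))
        if m and m.group(3) == outside:
            found.setdefault(m.group(2), set()).add((m.group(1), m.group(4)))
    return found


def missing_twins(config, if_a="inside1", if_b="inside2"):
    """For each interface, list the rules the other one has but it lacks."""
    rules = rules_by_interface(config)
    a, b = rules.get(if_a, set()), rules.get(if_b, set())
    return {if_a: sorted(b - a), if_b: sorted(a - b)}


def render(rule, inside_if, outside="outside"):
    """Rebuild the config line a missing rule would need on inside_if."""
    kind, rest = rule
    return f"{kind} ({inside_if},{outside}) {rest}"


if __name__ == "__main__":
    for iface, rules in missing_twins(SAMPLE).items():
        for rule in rules:
            print("missing:", render(rule, iface))
```

Run it against a saved copy of the running configuration after every NAT change; an empty result for both interfaces means the two sets match.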