Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Cisco ASA : Two inside interfaces and NAT/Port forwards.

Due to having two routers on the inside of an ASA running HSRP for fail over purposes I have two inside interfaces. For example:

ASA

Int GE0/0 : 8.8.8.8 (outside)
Int GE0/1 : 10.0.0.1/30 (inside1)
Int GE0/2 : 10.0.1.1/30 (inside2)

Cisco Router Primary
Int GE0/0 : 10.0.0.2/30
Int GE0/1 : 192.168.1.254/24 (standby IP)
Int GE0/2 : 192.168.5.254/24 (standby IP)

Cisco Router backup
Int GE0/0 : 10.0.1.2/30
Int GE0/1 : 192.168.1.254/24 (standby IP)
Int GE0/2 : 192.168.5.254/24 (standby IP)

Due to the the way the failover works traffic could come into the ASA via either the "inside" or "inside2" interface.

When setting NAT and port forwards you have to specify the inside and outside interface for it to work. I don't want to have to remove and re-apply all the port forwards if the primary router fails and traffic starts to come into the ASA on the inside2 interface.

Is there an easier way to do this?

Thanks

1 REPLY

You don't need to remove the

You don't need to remove the NAT commands for the inside interface when it has failed.  Why not just have two sets of NAT commands that are exactly the same, except one set references inside1 and the other references inside2?

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
200
Views
0
Helpful
1
Replies
CreatePlease to create content