With object NAT it works great no matter which ISP I use. However, to my knowlege I can't use two different NATs using object NAT therefore I setup the two individual NAT statements shown in AFTER section. I also have identical ACLs on both ISP interfaces to allow needed traffic.
The host here happens to be a DVR. When using the individual NAT statements the web management page only partly loads or does not load at all. Video clients cannot connect at all. Basically you can see the DVR is kinda there and responding but not working as it should.
Is there something I am missing or should be doing differently?
To my understanding Static NAT for one internal host towards 2 different ISPs should work just fine as long as the connections are only formed from the ISP links towards the internal network. In this case the ASA should be able to use the existing connection and translation formed through the ISP in question to forward the return traffic correctly.
However if there is anything that requires the internal host to initiate connection towards the external networks then it will naturally only use the ISP which holds the default route at that point.
With regards to your NAT configuration. They seem to be basic Static NAT configurations with Manual NAT.
You can configure this with Auto NAT / Network Object NAT also but you just need to configure 2 different NAT as you can hold multiple "nat" statements under one "object"
So you could have
object network HOST-ISP-1
nat (inside,isp1) static
object network HOST-ISP-2
nat (inside,isp2) static
Maybe you could try the above configurations.
If the connections still dont work I would monitor the logs for any blocked connections or other problems.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :