Cisco Support Community

New Member

Multihomed ASA and NAT policies?

Hello Netpros,

I am setting up an ASA 5510 which has a T1 and a Cable Modem connection. By default all traffic gets sent out the Cable Modem as it's faster and preferred. There is also a backup floating static route to the T1 should the link die on the cable modem connection.

We have a server which is NATed to both the T1 and cable modem connection:

route outside-CABLE 0.0.0.0 0.0.0.0 cableIP 1

route outside-T1 0.0.0.0 0.0.0.0 T1_IP 200

static (inside, outside-T1) T1publicIP serverA

static (inside, outside-CABLE) CBLpublicIP serverB

How do I force the serverA host to ALWAYS go out the T1publicIP as stated in the above statement? It seems to go to T1 only if the cable link is down.

Is it possible to force the server out through the T1, EXCEPT when the T1 is down in which case it will pass out through Cable?

I'm sure this is an easy thing to do, I'm just an ASA newbie so any help is appreciated!

Julian

4 REPLIES
New Member

Re: Multihomed ASA and NAT policies?

Julian,

Unfortunately I don't think this is possible with the ASA. With a router it would be possible using Policy Based Routing (PBR). Unfortunately the ASA does not support PBR, so the traffic from the server will be routed according to the ASA's preferred route.

See this link for ASA FAQ including the PBR question.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a00805b87d8.shtml

New Member

Re: Multihomed ASA and NAT policies?

Hi,

Thanks for your response. Do you know if it would be possible to force the servers out the T1 and not have them go out the cable connection in the event of T1 failure? Would that simplify things in any regard?

Thanks again,

Julian

New Member

Re: Multihomed ASA and NAT policies?

Unfortunately what you want to do is considered policy based routing and is not supported on the ASA.

You might be able to configure multiple contexts, with server A being in one context which uses the T1 as next hop, and server B being in another context using the Cable connection as next hop.

See this document for more info on multiple context mode on the ASA.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808d2b63.shtml

New Member

Re: Multihomed ASA and NAT policies?

I'm not sure what your network environment looks like, but if you have a layer 3 device/s sitting in front of the ASA you can implement PBR to set the next hop for traffic sourced from your serverA to the device that terminates your T1. Thanks, hopefully this helps some. It would be nice if the ASA supported PBR!

Rich
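
A sketch of the upstream-router approach described in the last reply, added here as an example; it is not from any poster in this thread. It assumes a Cisco IOS router sitting between the ASA's outside interface and both WAN devices, and that the ASA has already translated serverA to its T1 public address. All addresses, interface names and object numbers are constructed placeholders.

```ios
! Constructed placeholders (not from the thread):
!   203.0.113.10  = serverA after NAT on the ASA (the thread's T1publicIP)
!   198.51.100.1  = device that terminates the T1
!   192.0.2.1     = cable modem gateway
!   Gi0/0         = router interface facing the ASA
!   Gi0/1         = router interface facing the T1 device
!
! Probe the T1 next hop so PBR is used only while it answers.
ip sla 1
 icmp-echo 198.51.100.1 source-interface GigabitEthernet0/1
 frequency 10
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
!
! Match traffic sourced from serverA's translated address only.
access-list 101 permit ip host 203.0.113.10 any
!
! Send matching traffic to the T1 device while track 1 is up.
! When track 1 goes down the set clause is skipped and the packet
! is forwarded by the normal routing table (the cable default below).
route-map SERVERA-VIA-T1 permit 10
 match ip address 101
 set ip next-hop verify-availability 198.51.100.1 10 track 1
!
! Apply the policy to traffic arriving from the ASA.
interface GigabitEthernet0/0
 ip policy route-map SERVERA-VIA-T1
!
! Everything else, and serverA during a T1 outage, uses the cable path.
ip route 0.0.0.0 0.0.0.0 192.0.2.1
```

During a T1 outage serverA's packets leave via cable still carrying a source address from the T1 range, which the cable provider may filter; `show track 1` and `show route-map SERVERA-VIA-T1` show the probe state and the policy hit counters.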

270 Views, 0 Helpful, 4 Replies