Cisco Support Community
New Member

NAT exempt question

Hello,

I have two sites interconnected by MPLS. Each site has an ASA and is connected to the Internet. I'm trying to set up failover for Internet connectivity so that, when the ISP connection on one site is down, the Internet traffic is routed into the MPLS and then to the ISP on the other site. The SLA monitoring is working, but the NAT is converting the traffic since it is not covered by a NAT exempt rule, and I do not see a way to exempt depending on the outgoing interface. Any suggestions?

1 REPLY
New Member

Re: NAT exempt question

I built such a scenario for a colleague. Instead of using MPLS I used a WAN link (doesn't matter).

I only back up ASA 2, but it should work both ways.

Routing protocol: RIPv2

    Internet
       |
     ASA 1
       |
    inside - 192.168.16.0/21
       |
      WAN
       |
    inside - 192.168.32.0/21
       |
     ASA 2
       |
    Internet

NAT configuration on ASA 1
--------------------------
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
route outside 0.0.0.0 0.0.0.0 81.x.x.x

configuration ASA 2
-------------------
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
! default route stays installed only while track 1 is up
route outside 0.0.0.0 0.0.0.0 82.x.x.x 1 track 1
sla monitor 1
 type echo protocol ipIcmpEcho 81.x.x.x interface outside
 num-packets 3
 frequency 10
sla monitor schedule 1 life forever start-time now
! track object referenced by the route, bound to sla monitor 1
track 1 rtr 1 reachability
router rip
 network 192.168.32.0
 redistribute static metric 1
 version 2
 no auto-summary

If the Internet on ASA 2 goes down, the default-route to ASA 1 will work.

Hope it helps.
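A consistency check for the tracked default route in the ASA 2 configuration above, written as an added example that is not part of the original post. It assumes the pre-8.3 ASA syntax `track <n> rtr <sla-id> reachability` for the track object; the function name `check_tracked_routes` and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample: the ASA 2 tracked-route lines from the reply, plus the
# track object (assumed pre-8.3 syntax) that binds the route to the monitor.
SAMPLE_OK = """\
route outside 0.0.0.0 0.0.0.0 82.x.x.x 1 track 1
sla monitor 1
 type echo protocol ipIcmpEcho 81.x.x.x interface outside
 num-packets 3
 frequency 10
sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
"""
# Constructed sample: the same lines with the track object left out.
SAMPLE_NO_TRACK = SAMPLE_OK.replace("track 1 rtr 1 reachability\n", "")


def check_tracked_routes(config: str) -> list[str]:
    """Return the problems found in the route -> track -> sla monitor chain."""
    routes = re.findall(
        r"^route \S+ \S+ \S+ \S+(?: \d+)? track (\d+)[ \t]*$", config, re.M)
    tracks = dict(re.findall(
        r"^track (\d+) rtr (\d+) reachability[ \t]*$", config, re.M))
    monitors = set(re.findall(r"^sla monitor (\d+)[ \t]*$", config, re.M))
    scheduled = set(re.findall(r"^sla monitor schedule (\d+) ", config, re.M))
    # A usable monitor has its echo probe on the indented line that follows it.
    probes = set(re.findall(
        r"^sla monitor (\d+)[ \t]*\n[ \t]+type echo ", config, re.M))

    problems = []
    for track_id in routes:
        sla_id = tracks.get(track_id)
        if sla_id is None:
            problems.append(f"route uses track {track_id}, which is not defined")
            continue
        if sla_id not in monitors:
            problems.append(f"track {track_id} points at missing sla monitor {sla_id}")
        elif sla_id not in probes:
            problems.append(f"sla monitor {sla_id} has no echo probe defined")
        if sla_id not in scheduled:
            problems.append(f"sla monitor {sla_id} has no schedule, so it never runs")
    return problems


if __name__ == "__main__":
    for name, cfg in (("complete", SAMPLE_OK), ("no track object", SAMPLE_NO_TRACK)):
        print(name, "->", check_tracked_routes(cfg) or "chain is consistent")
```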
