RTR-A is acting as gateway to ISP-A while RTR-B is acting as gateway to ISP-B.
PIX is doing a nat with ISP-A global address while ASA is natting with ISP-B alloted global address
Switch is configured with 2 default routes one is pointed to PIX while other to ASA.
When the traffic is initiated from outside to inside servers then it reaches successfully to servers but the return tarffic from servers will load balance on switch. Firewalls drop the traffic due to TCP check.
Planning to implement natting for outside traffic to be translated to specific pool so, that specific routes can be added on switch.
Please do let me know if this solution will work and if static (outside,inside) will work in this scenario. If possible kindly share an configuration example.
You can Translate the ip's coming from outside into a single ip, by doing pat or into a range of ip's by doing dynamic nat, but i would recomment pat, because that give you an option of lot many simaltaneous connections to your server.
Lets say your server address is 192.168.16.5 and its natted to the ip 172.16.15.5
nat (outside) 1 0.0.0.0 0.0.0.0 outside
global (inside) 1 192.168.16.100
static (inside,outside) 172.16.15.5 192.168.16.5
Now if someone from outside accesses the server from outside, there source ip's would be translated to 192.168.16.100, the server would see the request coming from this ip and send the response back. The switch through a route to PIX inside interafce would identify that this traffic should be sent to PIX inside interface and send it back to same route.
Once the packets reaches the PIX, they woudl be untranslated and sent back to the source machine on the internet.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...