We have an ASA5505 with the Sec+ license. I'm comfortable setting up failover using tracked routes, and allowing simple inbound traffic to the current mapped interface IP. This requires that all internal destination IPs be PATed to the current interface address (as per the bolded global statement below). Our requirements are expanding and we would like to start using one-to-one NAT for our servers. We have a /29 block on our primary link, but only have a /30 on the backup link.
Here's an example of what we have now. This allows HTTP traffic to reach the internal IP of 192.168.1.10, regardless of whether the primary or backup link is active.
When the primary interface goes down, both internal hosts should remain accessible from the outside on the backup link. I may be able to upgrade the backup link to a /29 as well, if that's what's needed here. Is this a pipe dream, or possible? If I can do it, what would the configuration look like? And finally, am I making any sense at all?
Log in to the FXOS chassis manager.
Direct your browser to https://hostname/, and log in using the username and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...