You can have 2 statics for the 2 ISP links. They will be
static (inside,isp1) zzz yyyy
static (inside,isp2) xxx yyyy
And of course you will need SLA monitoring to fall back between ISPs in case of failures.
I hope it helps,
If I understand correctly, you want to have a static NAT on both your ISPs for that web server and also have a dual ISP config? Please correct me if I am wrong. If I am correct with the above problem description, then all you would need to do is to create a static NAT for the second ISP link, but make sure that it is entered after the existing NAT statement for the primary ISP link. This is necessary as the order of the static statements in the xlate table makes a difference.
You don't need them to be in order. The right static is going to be chosen based on route lookup.
For SLA monitoring you need http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml When ISP1 goes down, the ISP2 route will be used and the translations will be using the ISP2 static.
Note that you will have one default route at a time, but when one goes down the other is going to kick in.
I hope it makes sense.
Thanks for this nice trick. However, what happens if both links are up, and a client accesses the web server via the IP address of the backup interface? What route will the ASA use in this case? (The default route will point to ISP1, and the client request will come through ISP2.)
You have 2 routes. The high priority route is chosen while it is up. You only fall back to the low priority when the primary is removed because it failed. So, if the high priority is up, it is preferred. Here is the guide that explains it: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
I hope it is clear.
Thanks for the answer, PK.
Unfortunately I wasn't clear enough. I was talking about outbound traffic from the server to the client (for example - server replying to client's request for web page). But your answer was clear. If both links are up, reply will go over default route (ISP1), not over the backup link (ISP2), right?
To explain it better, if the inbound request is coming in ISP2 and ISP1 route is up the response will go out ISP1 and you will have asymmetric routing issues. In other words, you can't use ISP1 and 2 at the same time, ISP2 will be used only when 1 is down.
I hope it makes sense.
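The setup discussed in this thread, written out as an added example (not posted by any participant): two statics plus a tracked primary default route and a higher-metric backup. All addresses are constructed documentation values, the interface names isp1 and isp2 follow the thread, and inbound access lists for the web traffic are assumed and not shown.

```cisco
! Constructed values (assumptions, not from the thread):
!   10.1.1.10      = web server real address on inside
!   192.0.2.10     = mapped address on isp1, next hop 192.0.2.1
!   198.51.100.10  = mapped address on isp2, next hop 198.51.100.1

! One static per ISP interface (pre-8.3 syntax, as used in the thread)
static (inside,isp1) 192.0.2.10 10.1.1.10 netmask 255.255.255.255
static (inside,isp2) 198.51.100.10 10.1.1.10 netmask 255.255.255.255

! SLA probe: ICMP echo to the ISP1 next hop, sent out the isp1 interface
sla monitor 1
 type echo protocol ipIcmpEcho 192.0.2.1 interface isp1
 num-packets 3
 frequency 10
sla monitor schedule 1 life forever start-time now

! Track object follows the probe's reachability result
track 1 rtr 1 reachability

! Primary default route, installed only while track 1 is up
route isp1 0.0.0.0 0.0.0.0 192.0.2.1 1 track 1
! Backup default route; the higher metric keeps it out of the table
! until the tracked route is withdrawn
route isp2 0.0.0.0 0.0.0.0 198.51.100.1 254
```

`show track` and `show route` show which default route is currently installed, and therefore which static the server's outbound traffic will match.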