Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

static NAT translations on multiple WAN interfaces (PIX 525)

hi,

     i am trying to achieve the following and wonder if it's possible and if so, how to do it.

     we have an internal LAN of 192.168.101.0/24. we have two WAN/outside connections & interfaces, lets say 1.1.1.0 & 2.2.2.0.

     all internal traffic from 192.168.101.0 uses dynamic NAT overload on the 1.1.1.0 interface to get online and i have a few static NAT translations for severs on this connection. this works fine and is fairly standard.

     i have a server on the IP address 192.168.101.10 that is a VoIP server and that needs to go down the internal 2.2.2.0 (due to QoS on this WAN interface). i am able to create a static NAT translation in the PIX for this rule, however i am confused about what default route the PIX needs to know for this connection.

      currently the default route is for the 1.1.1.0 interface, and yet i can not add another default route for 2.2.2.0 without giving it a higher metric than the 1.1.1.0 interface. the 2.2.2.0 interface obviously needs a default route so it knows the path to the internet yet i am not sure how to do this. when using a Cisco router i have been able to create a route map to give different default routes to difference access lists and this has worked, however what do i do on the pix?

     i hope i have explained the issue clearly enough and if anyone can assist that would be excellent

     many thanks

                    Ryan

Everyone's tags (1)
1 REPLY
Red

static NAT translations on multiple WAN interfaces (PIX 525)

Hi Ryan,

Asa cannot ahve 2 default routes, it can only have one. ASA also doesnt support PBR, so the setup that you are trying to configure would not work on the ASA. Router is the correct option for it.

Hope that helps.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks, Varun Rao Security Team, Cisco TAC
349
Views
5
Helpful
1
Replies
CreatePlease login to create content