Hi Upen,You can do NAT once

upen desai · ‎07-02-2014

Hi

I hope you can help in answering this query. WE have a site with the following setup:

Router <----------> ASA 5510 <----------> Local LAN

ISP (single IP Address)

The Router has a single ADSL link with a single Public IP address, its connected to the ASA on the 172.16.0.0/24 network.

The ASA is connected to the Local LAN on the 192.168.95.0/24 network. We do have servers and printers doing NAT on the ASA. There is also a primary link where on site where all of this is working normally. The above setup is for the fail over link.

How would I setup the NAT on the ASA and on the router, I did not wish to do a double NAT on the ASA and then the Router as well.

Is there a better solution to set this up.

Many thanks

Upen Desai

nkarthikeyan · ‎07-02-2014

Hi Upen,

You can do NAT once in the router..... all you need is the routing in the ISP router towards your private network.....

for eg if you have web server, smtp server & ftp server in your lan then

ip nat inside source static tcp <private ip> 21 <public ip> 21

ip nat inside source static tcp <private ip> 25 <public ip> 25

ip nat inside source static tcp <private ip> 80 <public ip> 80

Regards

Karthik

upen desai · ‎07-02-2014

Hello Karthik

Thank you for coming back to me. As mentioned in the original question we have two ISPs but I am trying to set this up on the backup link.

When the primary link fails and the ASA fails over to the ADSL link do I just have the default route to the router, send all the LAN traffic straight to the router via the ASA and let the router do the NAT.

Router to ASA NAT