ASA Backup interface not allowing users out

natedog · ‎09-20-2006

I have configured the ASA backup interface command to the specs on the website below. The problem isnt that the ASA is failing over but it's not allowing my internal users to get out once the backup interface comes online. I am able to reach it via ssh outside, etc. I tried adding additional nat and global statements that corresponding to the backup interface but i dont see that anywhere on the documentation. thanks.

nat (inside) 1 0.0.0.0 0.0.0.0

nat (backup) 2 0.0.0.0 0.0.0.0

global (OUTSIDE) 1 interface

global (backup) 2 interface

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

dsweeny · ‎09-26-2006

What version of software are you using in the ASA box ?.

natedog · ‎09-27-2006

7.2(1)

Fernando_Meza · ‎09-26-2006

Hi Try this ..

nat(inside) 1 0 0

global (outside) 1 interface

nat (inside) Y 0 0

global (backup) Y interface

where Y is any nat-id number that you are not already using on your nat/global statements .. ie ..

nat (inside) 30 0 0

global (backup) 30 interface

I hope it helps .. please rate it if it does !!!

natedog · ‎09-27-2006

hey this is the message i get with this..

GAUNTLET(config)# nat (inside) 5 0.0.0.0 0.0.0.0

Duplicate NAT entry

it takes the global statement fine.

i am using ver 7.2(1)

thanks for the reply, any other ideas?