Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

2 ISP nat problem

Good day .

Our topology is :

----1841----ISP1

|

ASA5510---

|

----1841----ISP2

We use EIGRP for routes redistribution.

Both 1841 has static nat rules for our inside services. When outside client is trying to connect to one of the translated outside ip adresses(for example the first one) he may recieve incoming packets from the other adress (second). So is there a way to restrict outgoing nat sessions to the route it was originated from.

Please excuse my english. Any feedback will be greatly appretiated.

5 REPLIES

Re: 2 ISP nat problem

Hi,

If you mean you have overlapping Network, then please refer to the bellow example, it shows how to configure (NAT in Overlapping Network):

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f30.shtml

HTH

Mohamed

New Member

Re: 2 ISP nat problem

hmm , dont think its exactly our case . Basicly we have 2 different outside adress pools , translation from each of them leads to one inside host , but it seems that ASA routes all outgoing nat translations only over one pool .

__________________--1841(nat 1.1.1.1)

10.10.10.1 --ASA--

__________________--1841(nat 2.2.2.2)

So basicly , client is connecting to 1.1.1.1 , and everything works fine , his session is translated to 10.10.10.1.

But when he is trying to connect to 2.2.2.2 , the session is returned to him over 1.1.1.1.

Probably something is wrong with eigrp redistribution . If this is the overlapping network case , then please excuse my poor knowledge .

Re: 2 ISP nat problem

Hi,

No this is not Overlapping Network, and please execuse my poor understanding.

Probably its a routing issue.

HTH

Mohamed

New Member

Re: 2 ISP nat problem

Seems like routing to me as well . Is there a way to configure asa route incoming sessions back to the router they were orginated from (topology with 2 ISP)?

New Member

Re: 2 ISP nat problem

Please provide the config for the 1841, and the ASA. Thanks

One option is to deploy split tunneling which might allieviate your problem, but first need to look at the config.Thanks

153
Views
0
Helpful
5
Replies