How to configure 2 NATs with access-list based on destination port

tassiliopoulos · ‎02-09-2010

Is it possible to configure 2 NATs and have them used based on the destination port of the packets?

I'm currently trying to do this with a Cisco 881.

I can see that I can create 2 access-lists based on source and destination IP, but there is no option for source or destination port:

access-list 1 permit 192.168.2.0 0.0.0.255

If not possible with the 881, is this possible with the ASA 5505?
If that's the case, can the ASA 5505 be configured as one half of a site-to-site VPN with the other side a Cisco 881?

To explain further, we currently have 2 WAN connections:

Expensive fiber connection for mission-critical apps (web hosting, mail, accessing customer sites)
Cheap DSL connection for web browsing (HTTP+HTTPS)

We're using a Linux machine to route based on destination port. Anything for HTTP or HTTPS goes via the cheap DSL connection and everything else goes via the fiber connection.

spremkumar · ‎02-11-2010

Can you post out a detailed diagram of your requirement with dummy ip schema attached to it?

regds

tassiliopoulos · ‎02-11-2010

I'm attaching a diagram showing everything I'm trying to achieve.

I've also included the second network (on the right) that needs a site-to-site VPN between the two routers.

What I need to know at this point if all this is possible and what devices are best before I actually purchase anything.

Thanks very much

milan.kulik · ‎02-12-2010

Hi,

not sure if I've got your point, but wouldn't using an extended ACL instead of a standard ACL help?

BR,

Milan