NAT on 2 outside interfaces

Discussion in 'Cisco' started by wybenga, Apr 24, 2009.

    I have an ASA5510 with 1 inside interface and 2 outside interfaces. Outside interfaces are connected to 2 different ISPs, each with a static IP address.

    I was able to create 2 static routes for each outside interface, 1 with a higher metric cost than the other and with tracking enabled to create a failover in case the main ISP goes down.

    However I cannot get NAT to work on the 2 outside interfaces so that any traffic originating on one outside interface gets returned via the same interface.

    Tried putting all the NAT on the inside interface but am unable to have 2 dynamic NAT statements on same interface.

    Any advice would be greatly appreciated.
    wybenga, Apr 24, 2009
    #1
    Edited this example from Cisco, will it work?

    Code:
         ip nat pool pool-65 65.213.163.1 65.213.163.254 prefix-length 24
         ip nat pool pool-71 71.251.92.1 71.251.92.254 prefix-length 24
    
         ip nat inside source route-map MAP-65 pool pool-65
    
    !--- Establishes dynamic source translation, specifying 
    !--- the route-map MAP-65 which is defined below. 
    
         ip nat inside source route-map MAP-71 pool pool-71
    
    !--- Establishes dynamic source translation, specifying the route-map MAP-71.
    !--- Here, the route-maps are consulted instead of 
    !--- access-lists (as in the previous case).
    
         interface Ethernet0/0
          description Verizon T1 Line
          nameif outside
          security-level 0
          ip address 65.213.163.XXX 255.255.255.248 
          ip nat outside
          ospf cost 10
    
         interface Ethernet0/1
          nameif inside
          security-level 100
          ip address 10.0.0.1 255.255.255.0 
          ospf cost 10
    
         interface Ethernet0/3
          description Verizon FiOS
          nameif outside2
          security-level 0
          ip address 71.251.92.XXX 255.255.255.0
          ip nat outside 
          ospf cost 10
    
         access-list 65 permit ip 10.0.0.0 0.0.0.255 65.213.163.0 0.0.0.255
         access-list 71 permit ip 10.1.1.0 0.0.0.255 71.251.92.0 0.0.0.255
    
         route-map MAP-65 permit 10
    
    !--- Defines the Route-map MAP-65.
    
         match ip address 65
    
    !--- Specifies the criteria for translation. Here, the IP 
    !--- address mentioned in the access-list 65 is translated.
    !--- The translation is defined in the
    !--- ip nat inside source route-map MAP-65 pool pool-65 command.
    
         route-map MAP-71 permit 10
         
    !--- Defines the Route-map MAP-71.
    
         match ip address 71
         
    !--- The IP address mentioned in the access-list 71 is translated. 
    !--- The translation is defined in the 
    !--- ip nat inside source route-map MAP-71 pool pool-71 command.
    
    wybenga, Apr 24, 2009
    #2