Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Cisco ASA 5510 - failover setup

Posted on 2010-08-17
5
Medium Priority
?
698 Views
Last Modified: 2013-11-16
Environment

Cisco ASA 5510, we are using  ASDM 6.1 as a management tool.

Objective
The objective is to NAT one external IP address to  two internal IPs with the ability to failover from one of the internal IP addresses to another.
e.g.
Public IP 1.2.3.4 and 2 Internal IPs {10.0.0.4, 10.0.0.5}

Current Setup

we have 1 - 1 Nat
Always 1.2.3.4  -> 10.0.0.4

What we would like to setup

We would like to change the settings so when a failure is detected on 10.0.0.4 the NAT rules fails over to 10.0.0.5 and vise versa
0
Comment
Question by:atigris
5 Comments
 
LVL 14

Accepted Solution

by:
anoopkmr earned 501 total points
ID: 33457932
for the traffic comming from internet to inisde then the one to one static nat has to be unique.
if we nat 1.2.3.4 <-> 10.0.0.4 for all Ip traffic , then we can't use the same 1.2.3.4 for 10.0.0.5
but if we use specific protocol  , then it is possible
for eg  :  1.2.3.4 <-> 10.0.0.4 for ftp services
                1.2.3.4<-> 10.0.0.5 for http services

0
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33457960
but  in a different way with two public IP and  one inside server , it is possible

see the url

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807d2874.shtml

0
 
LVL 18

Assisted Solution

by:decoleur
decoleur earned 501 total points
ID: 33458686
hello there,

anoopkmr is right, you cannot have a Cisco firewall provide a redundant 1:1 nat for inside hosts. What you need to do is abstract the redundancy from the firewall.

In enterprise web deployments we often leverage a virtual IP for a service and use some sort of mechanism to distribute that among available hosts. It maintains a state table to track the condition of the inside servers and transition from one to another if there is a service interruption.

This also presents challenges, because the session information is not automatically passed between servers. For example I would be on a web store front that is on server 1 with a bunch of stuff in my shopping cart. If I get bumped to server 2 is my shopping cart maintained?

I hope this helps, but what you are asking for cannot be done with just a Cisco Firewall.

-t
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 498 total points
ID: 33459963
>The objective is to NAT one external IP address to  two internal IPs
It is not possible with ASA.

What you are looking for is something like a load-balancer that decoleur alludes to above.
0
 
LVL 2

Author Closing Comment

by:atigris
ID: 33502885
Thanks for your assistance.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question