troubleshooting Question

Dual outside and inside interfaces on ASA 5520

eggster34 asked on
Cisco
Hi,
We have an ASA 5520 with 4 interfaces: 2 interfaces connect to the internet uplinks on our datacenter and 2 are inside interfaces hosting servers for different clients.

We need to make sure the hosts connected to the inside interface are translated / accessed using the outside interface, and hosts on inside2 are able to access the internet on the outside2 interface only, and mapped IP addresses on the outside2 interface should allow access to the clients connected to inside2. Is this at all possible? We can easily ping and access hosts using the IP range assigned to the outside interface, but it does not work on anything connected to outside2/inside2.

1.1.1.254 is the uplink router assigned to the outside interface, and 10.2.2.254 is the router for the outside2 interface.

My config looks like this:



!

!
interface GigabitEthernet0/0
 description 1.1.1.1
 nameif outside1
 security-level 0
 ip address 1.1.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 description 2.2.2.2
 nameif outside2
 security-level 0
 ip address 2.2.2.2 255.255.255.0
!
interface GigabitEthernet0/2
 description inside1
 nameif inside1
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/3
 description inside2
 nameif inside2
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
interface Management0/0
 shutdown
 nameif man
 security-level 0
 no ip address
 management-only
!
boot system disk0:/asa821-k8.bin
ftp mode passive
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup inside
dns domain-lookup outside
access-list outside extended permit ip any any
access-list outside2 extended permit ip any any


mtu inside 1500
mtu outside 1500
mtu man 1500
mtu inside2 1500
mtu outside2 1500

icmp permit any inside
icmp permit any outside
icmp permit any inside2
icmp permit any outside2
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (outside2) 2 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (inside2) 2 0.0.0.0 0.0.0.0
static (inside,outside) tcp 1.1.1.2 ssh 192.168.10.2 ssh netmask 255.255.255.255
static (inside2,outside2) tcp 2.2.2.2 ssh 192.168.20.2 ssh netmask 255.255.255.255
access-group outside1 in interface outside1
access-group outside2 in interface outside2
route outside 0.0.0.0 0.0.0.0 1.1.1.254 1 <-- is this how it is supposed to be?
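
A cross-reference check over the configuration posted above, as an added example that is not part of the original question or its answers: it collects the names set with `nameif` and the ACL names defined with `access-list`, then lists the names that `global`, `nat`, `static`, `mtu`, `route` and `access-group` lines use without a matching definition. The function name `lint_asa` and the trimmed `SAMPLE` are assumptions made for this example.

```python
import re

# Constructed sample: name-bearing lines copied from the config posted above.
SAMPLE = """\
 nameif outside1
 nameif outside2
 nameif inside1
 nameif inside2
 nameif man
access-list outside extended permit ip any any
access-list outside2 extended permit ip any any
mtu inside 1500
global (outside) 1 interface
global (outside2) 2 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (inside2) 2 0.0.0.0 0.0.0.0
static (inside,outside) tcp 1.1.1.2 ssh 192.168.10.2 ssh netmask 255.255.255.255
static (inside2,outside2) tcp 2.2.2.2 ssh 192.168.20.2 ssh netmask 255.255.255.255
access-group outside1 in interface outside1
access-group outside2 in interface outside2
route outside 0.0.0.0 0.0.0.0 1.1.1.254 1
"""

def lint_asa(config):
    """Return (undefined interface names, undefined ACL names), each sorted."""
    nameifs, acls, used_ifs, used_acls = set(), set(), set(), set()
    for line in config.splitlines():
        w = line.split()
        if len(w) < 2:
            continue
        if w[0] == "nameif":
            nameifs.add(w[1])
        elif w[0] == "access-list":
            acls.add(w[1])
        elif w[0] in ("global", "nat", "static"):
            # "(inside,outside)" or "(outside)" names one or two interfaces
            used_ifs.update(re.findall(r"[\w-]+", w[1]))
        elif w[0] in ("route", "mtu"):
            used_ifs.add(w[1])
        elif w[0] == "access-group" and w[-2] == "interface":
            used_acls.add(w[1])
            used_ifs.add(w[-1])
    return sorted(used_ifs - nameifs), sorted(used_acls - acls)

if __name__ == "__main__":
    bad_ifs, bad_acls = lint_asa(SAMPLE)
    print("interface names used but never set with nameif:", bad_ifs)
    print("ACLs bound by access-group but never defined:", bad_acls)
```

On the sample it reports `inside` and `outside` as interface names with no `nameif` line, and `outside1` as an ACL that `access-group` binds but no `access-list` line defines.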