Solved

ASA NATting source address and destination address

Posted on 2014-04-17
Last Modified: 2014-05-06
I would like to NAT all Internet sourced traffic to appear to my servers to have a local source IP address.  

Second, I would like to NAT one public IP address to another IP address.  The situation is that I have small /27 IP blocks from my Colo.  But if the Internet service from the colo went down I would like to use ultradns (which quickly propagated changes name-IP in DNS) to direct the traffic to some IPs I have from another provider.  Any problem with the ASA NATting from one public IP to another?  I think not - just want to verify.  Should be easy.

So say I have a web server with public IP 5.5.5.36/27 and I had an ASA-B with inside IP address 5.5.5.37/37.  ASA B on the outside say had IP 6.6.6.33/27 and has a NAT rule that maps 6.6.6.36 to 5.5.5.36.  Now someone has a laptop with IP 7.7.7.100 and goes to 6.6.6.36 via http.  I want that packet delivered to 5.5.5.36.  And when it arrives at 5.5.5.36 it sees the source address as 5.5.5.37.  Possible?  What's the method?
Question by:amigan_99
LVL 1

Author Comment

by:amigan_99
ID: 40007507
I think this is the answer "Twice NAT".

https://www.youtube.com/watch?v=joiKul3SV5s
0
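
The twice NAT rule for the scenario in the question, as an added example that is not part of the original thread. It assumes ASA software 8.3 or later, interfaces named `outside` (6.6.6.33) and `inside` (5.5.5.37), and hypothetical object and ACL names (`WEB-REAL`, `WEB-ALT-PUBLIC`, `OUTSIDE-IN`):

```cisco
! Real address of the web server on the inside segment
object network WEB-REAL
 host 5.5.5.36
!
! Address from the second provider that clients connect to
object network WEB-ALT-PUBLIC
 host 6.6.6.36
!
! Twice NAT (manual NAT): one rule translates both addresses.
!   source:      any outside client -> PAT to the inside interface IP (5.5.5.37)
!   destination: 6.6.6.36 as seen on the outside -> real server 5.5.5.36
nat (outside,inside) source dynamic any interface destination static WEB-ALT-PUBLIC WEB-REAL
!
! From 8.3 onward the interface ACL matches the real (post-NAT) destination.
! Permit only the service that is actually published.
access-list OUTSIDE-IN extended permit tcp any object WEB-REAL eq www
access-group OUTSIDE-IN in interface outside
```

With this rule the web server logs every Internet client as 5.5.5.37, so the original client address survives only in the ASA's connection and translation logs; keep those if you need to attribute requests later. `show nat detail` and `show xlate` confirm that the rule is matching.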
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 500 total points
ID: 40011041
It sounds like you are planning to use two ASAs, and the configuration sounds a bit complicated. I think that I have a similar setup in that I have two different ISPs with different IP space. Let me try to explain. The outside interface on my ASA is connected to a switch and two routers. The first router just routes normally. The second router is Comcast and it does static NAT from its IPs to the public IPs on the Outside interface on my ASA. My ASA does reliable static routing to pick which router to send the traffic through. Traffic only goes through one ISP at a time. My DNS provider tracks the availability of my servers and automatically switches the address. Failover and failback happen automatically.


http://www.cisco.com/c/en/us/td/docs/ios/dial/configuration/guide/12_2sr/dia_12_2sr_book/dia_rel_stc_rtg_bckup.html
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 40011045
A single ASA can probably do the NAT for two different ISPs, but you would need two "outside" interfaces. Each interface would have different NAT rules, and routing would determine which interface and hence which public IP your traffic would get.
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 40044910
Thank you!
0
