[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

ASA NATting source address and destination address

Posted on 2014-04-17
4
Medium Priority
?
446 Views
Last Modified: 2014-05-06
I would like to NAT all Internet sourced traffic to appear to my servers to have a local source IP address.  

Second I would like to NAT one public IP address to another IP address.  The situation is that I have small /27 IP blocks from my Colo.  But if the Internet service from the colo went down I would like to use ultradns (which quickly propagated changes name-IP in DNS) to direct the traffic to some IP's I have from another provider.  Any problem with the ASA NATting from one public IP to another?  I think not - just want to verify.  Should be easy.

So say I have a web server with public IP 5.5.5.36/27 and I had an ASA-B with inside IP address 5.5.5.37/37.  ASA B on the outside say had IP 6.6.6.33/27 and has a NAT rule that maps 6.6.6.36 to 5.5.5.36.  Now someone has a laptop with IP 7.7.7.100 and goes to 6.6.6.36 via http.  I want that packet delivered to 5.5.5.36.  And when it arrives at 5.5.5.36 it sees the source address as 5.5.5.37.  Possible?  What's the method?
0
Comment
Question by:amigan_99
  • 2
  • 2
4 Comments
 
LVL 1

Author Comment

by:amigan_99
ID: 40007507
I think this is the answer "Twice NAT".

https://www.youtube.com/watch?v=joiKul3SV5s
0
 
LVL 43

Accepted Solution

by:
kevinhsieh earned 2000 total points
ID: 40011041
It sounds like you are planning to use two ASA,  and the configuration sounds a bit complicated. I think that I have a similar setup in that I have two different ISP with different IP space. Let me try to explain. The outside interface on my ASA is connected to a switch and two routers. The first router just routes normally. The second router is Comcast and it does static NAT from its IPs to the public IPs on the Outside interface on my ASA. My ASA does reliable static routing to pick which router to send the traffic through. Traffic only goes through one ISP at a time. My DNS provider tracks the availability of my servers and automatically switches the address. Failover and failback happens automatically.


http://www.cisco.com/c/en/us/td/docs/ios/dial/configuration/guide/12_2sr/dia_12_2sr_book/dia_rel_stc_rtg_bckup.html
0
 
LVL 43

Expert Comment

by:kevinhsieh
ID: 40011045
A single ASA can probably do the NAT for two different ISPs but you would need two "outside" interfaces. Each interface would have different NAT rules,  and routing would determine which interface and hence which public IP your traffic would get.
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 40044910
Thank you!
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Considering cloud tradeoffs and determining the right mix for your organization.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question