I have a Cisco ASA 5520 firewall running 8.2 code (old NAT code).
I have 2 interfaces, each with a unique ISP attached to them. I want to use one as my primary internet, and one as a backup circuit.
To do this, I followed these instructions from Cisco on how to set up a 2nd default route with a higher metric, and have the primary default route use a track statement to monitor link state of my primary ISP.
The routing works beautifully. When I unplug my primary internet circuit, the metric 1 default route gets removed, and the metric 2 kicks in, making that the live circuit for routing to the internet.
The problem I'm running into is with my Dynamic NAT configuration. I have a Dynamic NAT setup as follows:
nat (Inside) 1 192.168.1.0 255.255.255.0
So that represents Global Pool 1, which is my Primary ISP interface. Global Pool 2 is the backup ISP interface.
I figured that I could add a 2nd NAT as follows:
nat (Inside) 2 192.168.1.0 255.255.255.0
As soon as I do that, I lose all internet connectivity, presumably because my default route is still using the primary ISP, because that circuit is live, and the new NAT is overriding the original NAT.
Is there a way to have both NATs in the configuration at the same time? That way when the primary circuit goes down, and the default route changes, the NAT is there for computers to translate on, over the backup circuit.
I know with code 8.3 and newer this is very easy. I actually have done this with an 8.3 ASA, but unfortunately I don't have the option of upgrading at this time.