Guys,
It's more of a design question and I'm sure it exceeds the standard CCIE Security
syllabus.
This is a rudimentary diagram (sorry if it looks garbled, it's ASCII anyway):
Host1 -----(10.1.1.0)---- ASA _____(10.2.2.0)_________ Server 1 (10.2.2.1)
                                        |
                                        |
                                        |_____________ Server 2 (10.2.2.2)
I need Host 1 to communicate with Server 1 as a preferred one (when it is
available) and if Server 1 goes down then it is Server 2 to talk to.
Specifically Host 1 should know only one IP address (or even a host name if DNS
is employed) but the ASA would need to translate it and send to the available
Server.
I configured SLA tracking to check on Server 1 and made host routes as follows:
route outside 10.2.2.1 255.255.255.255 10.2.2.1 1 track 1
route outside 10.2.2.2 255.255.255.255 10.2.2.2 200
Doesn't look good from the proper routing perspective but the ASA accepted it.
Now I'm wondering how I will configure NAT to do the right thing.
Any ideas?
Eugene