RE: Cisco ASA NAT questions

From: Marcin Zgola <MZgola_at_netrixllc.com>
Date: Wed, 8 Sep 2010 16:39:39 +0000

But here is the problem. I apologize, I should be more specific.

I have 100 NAT pools, and only 20 public IPs.

So let's say 100 NAT pools correspond to 100 VLANs on my network. But only 20 of these VLANs will be used at any given time.

I need each of these VLANs to always have its own public IP address.

Make sense?

-----Original Message-----
From: Ryan West [mailto:rwest_at_zyedge.com]
Sent: Wednesday, September 08, 2010 11:27 AM
To: Marcin Zgola; ccielab_at_groupstudy.com
Subject: RE: Cisco ASA NAT questions

Marcin,

> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On
> Behalf Of Marcin Zgola
> Sent: Wednesday, September 08, 2010 11:49 AM
>
>
> I want any hosts from 10.0.0.0/24 to be PATed from one of the public IPs
> from 100.100.100.0-100.100.100.4 pool
>
> Example:
> Host 10.0.1.122 PATed to 100.100.100.1
> Host 10.0.1.12 PATed to 100.100.100.1
> Host 10.0.2.123 PATed to 100.100.100.2
> Host 10.0.3.188 PATed to 100.100.100.3
>

If this is all you need, just assign a different NAT/Global to each range.

nat (inside) 101 10.0.1.0 255.255.255.0
global (outside) 101 100.100.100.1
nat (inside) 102 10.0.2.0 255.255.255.0
global (outside) 102 100.100.100.2
.
.
.

When you enter the single address, the ASA will respond that all inside addresses will have PAT applied, e.g.:

global (outside) 3 50.50.50.50
INFO: Global 50.50.50.50 will be Port Address Translated.

You can also do a combination of 1-to-1 NATs with a fallback to PAT once the range is exhausted. As the translation expires, another host can grab that 1:1 NAT.

global (outside) 1 192.168.4.140-192.168.4.254 netmask 255.255.255.128
global (outside) 1 interface

HTH,

-ryan

Received on Wed Sep 08 2010 - 16:39:39 ART
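
Added example, not part of the original messages and not Cisco code: a simplified Python model of the behaviour described in the reply above, where a dynamic global pool hands out 1:1 addresses, falls back to PAT once the range is exhausted, and lets another host take a 1:1 address after a translation expires. The class and function names, the two-address pool, the "outside-interface" label and the 100-second idle timeout are assumptions chosen for the demonstration.

```python
import ipaddress


class NatPoolWithPatFallback:
    """Toy model of a dynamic NAT pool plus a PAT fallback (hypothetical, not ASA internals)."""

    def __init__(self, first, last, pat_address, timeout):
        lo = int(ipaddress.IPv4Address(first))
        hi = int(ipaddress.IPv4Address(last))
        self.free = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self.pat_address = pat_address  # shared address used once the pool is empty
        self.timeout = timeout          # idle seconds before a 1:1 entry expires
        self.xlates = {}                # inside host -> (global address, last-used time)

    def expire(self, now):
        """Return the addresses of idle 1:1 translations to the free pool."""
        for host, (addr, last_used) in list(self.xlates.items()):
            if now - last_used >= self.timeout:
                del self.xlates[host]
                self.free.append(addr)

    def translate(self, host, now):
        """Return (mode, global address) for a new connection from an inside host."""
        self.expire(now)
        if host in self.xlates:                 # existing 1:1 entry: reuse and refresh
            addr = self.xlates[host][0]
            self.xlates[host] = (addr, now)
            return ("NAT", addr)
        if self.free:                           # pool not exhausted: new 1:1 entry
            addr = self.free.pop(0)
            self.xlates[host] = (addr, now)
            return ("NAT", addr)
        return ("PAT", self.pat_address)        # pool exhausted: fall back to PAT


def run_demo():
    """Replay a constructed sequence of (time, inside host) connection events."""
    pool = NatPoolWithPatFallback("192.168.4.140", "192.168.4.141",
                                  "outside-interface", timeout=100)
    events = [(0, "10.0.1.122"), (10, "10.0.1.12"), (20, "10.0.2.123"),
              (90, "10.0.1.12"), (105, "10.0.2.123"), (110, "10.0.1.122")]
    return [(t, host) + pool.translate(host, t) for t, host in events]


if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

In this run the third host is PATed while both pool addresses are held, picks up 192.168.4.140 once the first host's entry has idled out, and the first host is then PATed when it returns.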
