RE: Cisco ASA NAT questions

From: Marcin Zgola <MZgola_at_netrixllc.com>
Date: Wed, 8 Sep 2010 17:18:53 +0000

We are looking at 8.3 now. Thanks.

-----Original Message-----
From: Ryan West [mailto:rwest_at_zyedge.com]
Sent: Wednesday, September 08, 2010 12:12 PM
To: Marcin Zgola; ccielab_at_groupstudy.com
Subject: RE: Cisco ASA NAT questions

> -----Original Message-----
> From: Marcin Zgola [mailto:MZgola_at_netrixllc.com]
> Sent: Wednesday, September 08, 2010 12:40 PM
> To: Ryan West; ccielab_at_groupstudy.com
> Subject: RE: Cisco ASA NAT questions
>
> But here is the problem. I apologize, I should be more specific.
>
> I have 100 NAT pools, and only 20 public ips.
>
> So let's say 100 NAT pools corresponds to 100 VLANs on my network. But only
> 20 of these VLANs will be used at any given time.
>
> I need each of these VLANs to always have its own public ip address.
>
> Make sense?
>

I guess this is for troubleshooting reasons? I can't really think of a way to do it offhand, other than setting up a range of VLANs that correspond to different PAT pools. Vlan101-105 correspond to nat 101, vlan 106-110 correspond to nat 102 .... With 8.3, you could use a dynamic NAT pool similar to your original post:

object network dynatpool
 range 100.100.100.1 100.100.100.4
object network vlan101
 subnet 10.0.1.0 255.255.255.0
 nat (inside,outside) dynamic dynatpool
object network vlan102
 subnet 10.0.2.0 255.255.255.0
 nat (inside,outside) dynamic dynatpool

I doubt the results would be deterministic, but with it separated, the software may choose the next member in the pool as each object network statement is referenced.
 
-ryan

Received on Wed Sep 08 2010 - 17:18:53 ART
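
Added example, not part of the original thread: a Python sketch of the grouping Ryan describes (VLANs 101-105 share one address, 106-110 the next), emitting 8.3 object NAT with an inline mapped address so each VLAN's translation is fixed rather than chosen from a pool. The 10.0.N.0/24 plan beyond vlan102, the 20 consecutive addresses starting at 100.100.100.1, and the function names are assumptions.

```python
import ipaddress

def build_grouped_pat(first_vlan=101, vlan_count=100,
                      first_public="100.100.100.1", public_count=20,
                      real_ifc="inside", mapped_ifc="outside"):
    """Return ({vlan_id: public_ip}, [config lines]) for fixed per-group PAT."""
    if not 0 < public_count <= vlan_count <= 255:
        raise ValueError("need 1..255 VLANs and no more addresses than VLANs")
    if vlan_count % public_count:
        raise ValueError("VLAN count must divide evenly across the addresses")
    per_ip = vlan_count // public_count      # 100 / 20 = 5 VLANs per address
    base = ipaddress.IPv4Address(first_public)
    mapping, lines = {}, []
    for i in range(vlan_count):
        vlan = first_vlan + i
        public = str(base + i // per_ip)     # VLANs 101-105 -> .1, 106-110 -> .2
        mapping[vlan] = public
        lines += [
            f"object network vlan{vlan}",
            f" subnet 10.0.{i + 1}.0 255.255.255.0",   # assumed addressing plan
            # An inline mapped address makes this dynamic PAT to one fixed IP
            f" nat ({real_ifc},{mapped_ifc}) dynamic {public}",
        ]
    return mapping, lines

def vlans_behind(mapping, public_ip):
    """Reverse lookup: which VLANs can appear as this public address."""
    return sorted(v for v, ip in mapping.items() if ip == public_ip)

if __name__ == "__main__":
    mapping, lines = build_grouped_pat()
    print("\n".join(lines[:6]))
    print(vlans_behind(mapping, "100.100.100.2"))
```

The reverse lookup narrows a public address seen in outside logs to a group of five VLANs; it does not give each VLAN its own address.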
