Re: Cisco ASA NAT questions from Segun Daini on 2010-09-08 (Ccielab archives 09/2010)

From: Segun Daini <segundaini_at_gmail.com>
Date: Wed, 8 Sep 2010 18:40:59 +0100

Hi,

I don't think 8.3 will solve your problem.

You need to group the local IP manually and decide what global IP they go
out with.

Then you configure a separate pool for each group of local to public using
your nat/global or object network(8.3) statements.

Also, remember that for 1 global IP, you have 65,536 available ports which
corresponds, not to a single local IP but a single session from each local
IP.

Regards.

On Wed, Sep 8, 2010 at 6:18 PM, Marcin Zgola <MZgola_at_netrixllc.com> wrote:

> We are looking at 8.3 now. thanks
>
>
>
> -----Original Message-----
> From: Ryan West [mailto:rwest_at_zyedge.com]
> Sent: Wednesday, September 08, 2010 12:12 PM
> To: Marcin Zgola; ccielab_at_groupstudy.com
> Subject: RE: Cisco ASA NAT questions
>
>
>
> > -----Original Message-----
> > From: Marcin Zgola [mailto:MZgola_at_netrixllc.com]
> > Sent: Wednesday, September 08, 2010 12:40 PM
> > To: Ryan West; ccielab_at_groupstudy.com
> > Subject: RE: Cisco ASA NAT questions
> >
> > But here is the problem. I apologize I should be more specific.
> >
> > I have 100 NAT pools, and only 20 public ips.
> >
> > So let's say 100 NAT pools corresponds to 100 VLANs on my network. But
> only
> > 20 of these vlans will be used at any giving time.
> >
> > I need each of these VLANs to always have its own public ip address.
> >
> > Make sense?
> >
>
> I guess this is for troubleshooting reasons? I can't really think of a way
> to do it offhand, other than setting up a range of a VLANs that correspond
> to different PAT pools. Vlan101-105 correspond to nat 101, vlan 106-110
> correspond to nat 102 .... With 8.3, you could use a dynamic NAT pool
> similar to your original post:
>
> Object network dynatpool
> Range 100.100.100.1 100.100.100.4
> Object network vlan101
> Subnet 10.0.1.0 255.255.255.0
> Nat (inside,outside) dynamic dynatpool
> Object network vlan102
> Subnet 10.0.2.0 255.255.255.0
> Nat (inside,outside) dynamic dynatpool
>
> I doubt the results would be deterministic, but having it separated the
> software may choose the next member in the pool as each object network
> statement is referenced.
>
> -ryan
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
+234.805.664.8600
Blogs and organic groups at http://www.ccie.net

Received on Wed Sep 08 2010 - 18:40:59 ART

This archive was generated by hypermail 2.2.0 : Fri Oct 01 2010 - 05:58:05 ART