Re: Cisco ASA NAT questions

From: Piotr Matusiak <pitt2k_at_gmail.com>
Date: Wed, 8 Sep 2010 20:12:46 +0200

Marcin,

What about this:

access-list NET1 extended permit ip 10.0.1.0 255.255.255.0 any
access-list NET1 extended permit ip 10.0.2.0 255.255.255.0 any
access-list NET2 extended permit ip 10.0.3.0 255.255.255.0 any
access-list NET2 extended permit ip 10.0.4.0 255.255.255.0 any

nat (inside) 1 access-list NET1
nat (inside) 2 access-list NET2

global (outside) 1 11.12.13.14
global (outside) 2 11.12.13.15

HTH,

--
Piotr Matusiak
CCIE #19860 (R&S, Security)
Technical Instructor
website: www.MicronicsTraining.com
blog: www.ccie1.com
If you can't explain it simply, you don't understand it well enough -
Albert Einstein

2010/9/8 Marcin Zgola <MZgola_at_netrixllc.com>
> But here is the problem. I apologize, I should be more specific.
>
> I have 100 NAT pools, and only 20 public ips.
>
> So let's say 100 NAT pools corresponds to 100 VLANs on my network. But only
> 20 of these VLANs will be used at any given time.
>
> I need each of these VLANs to always have its own public ip address.
>
> Make sense?
>
>
> -----Original Message-----
> From: Ryan West [mailto:rwest_at_zyedge.com]
> Sent: Wednesday, September 08, 2010 11:27 AM
> To: Marcin Zgola; ccielab_at_groupstudy.com
> Subject: RE: Cisco ASA NAT questions
>
> Marcin,
>
> > -----Original Message-----
> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On
> > Behalf Of Marcin Zgola
> > Sent: Wednesday, September 08, 2010 11:49 AM
> >
> >
> > I want any hosts from 10.0.0.0/24 to be PATed from one of the public ips
> > from 100.100.100.0-100.100.100.4 pool
> >
> > Example:
> > Host 10.0.1.122 PATed to 100.100.100.1
> > Host 10.0.1.12  PATed to 100.100.100.1
> > Host 10.0.2.123 PATed to 100.100.100.2
> > Host 10.0.3.188 PATed to 100.100.100.3
> >
>
> If this is all you need, just assign a different NAT/Global to each range.
>
> nat (inside) 101 10.0.1.0 255.255.255.0
> global (outside) 101 100.100.100.1
> nat (inside) 102 10.0.2.0 255.255.255.0
> global (outside) 102 100.100.100.2
> .
> .
> .
>
> When you enter the single address, the ASA will respond that all inside
> addresses will have PAT applied. e.g. global (outside) 3 50.50.50.50
> INFO: Global 50.50.50.50 will be Port Address Translated.
>
> You can also do a combination of 1 to 1 NATs with a fall back to PAT once
> the range is exhausted.  As the translation expires, another host can grab
> that 1:1 NAT.
>
> global (outside) 1 192.168.4.140-192.168.4.254 netmask 255.255.255.128
> global (outside) 1 interface
>
> HTH,
>
> -ryan
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Received on Wed Sep 08 2010 - 20:12:46 ART
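
An added example, not part of the original thread: a Python generator for the access-list / nat / global pattern Piotr posted, extended to any number of inside subnets grouped onto a smaller set of public PAT addresses. The function name, the NETn ACL naming for arbitrary groups, and the overlap and duplicate checks are assumptions of this example; the sample addresses are the ones from Piotr's message.

```python
import ipaddress

def asa_policy_pat(groups, inside="inside", outside="outside", first_id=1):
    """groups: ordered list of (public_ip, [inside subnets in CIDR]) pairs.

    Returns pre-8.3 ASA config lines: one ACL, one nat and one global
    statement per public address, in the layout used in the thread.
    """
    seen = []            # (network, public_ip) pairs already assigned
    used_public = set()
    acl, nat, glob = [], [], []
    for nat_id, (public_ip, subnets) in enumerate(groups, start=first_id):
        ipaddress.ip_address(public_ip)        # ValueError if malformed
        if public_ip in used_public:
            raise ValueError(f"{public_ip} is listed for more than one group")
        used_public.add(public_ip)
        name = f"NET{nat_id}"
        for cidr in subnets:
            net = ipaddress.ip_network(cidr)   # strict: rejects host bits set
            # Overlapping sources would make it ambiguous which public
            # address a host leaves from, so refuse to generate them.
            for other, owner in seen:
                if net.overlaps(other):
                    raise ValueError(f"{net} overlaps {other} (on {owner})")
            seen.append((net, public_ip))
            acl.append(f"access-list {name} extended permit ip "
                       f"{net.network_address} {net.netmask} any")
        nat.append(f"nat ({inside}) {nat_id} access-list {name}")
        glob.append(f"global ({outside}) {nat_id} {public_ip}")
    return acl + [""] + nat + [""] + glob

# Sample input: the two groups from Piotr's message.
SAMPLE = [
    ("11.12.13.14", ["10.0.1.0/24", "10.0.2.0/24"]),
    ("11.12.13.15", ["10.0.3.0/24", "10.0.4.0/24"]),
]

if __name__ == "__main__":
    print("\n".join(asa_policy_pat(SAMPLE)))
```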