RE: OT - Static PAT Range ASA from Ryan West on 2011-06-06 (Ccielab archives 06/2011)

From: Ryan West <rwest_at_zyedge.com>
Date: Mon, 6 Jun 2011 21:37:07 +0000

On Mon, Jun 06, 2011 at 14:36:49, Sadiq Yakasai wrote:
> Subject: Re: OT - Static PAT Range ASA
>
> Hi Ryan,
>
> I am afraid the best I could come up with is a many_to_one_port
> translation [1] sort of. I am sort sure what you are trying to do is
> achievable easily. Only if Cisco could utilize object groups for NAT ;-) (which they dont, at least today!).
>
> [1]
> http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide
> /
> n
> at_staticpat.html#wp1081521
> <http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guid
> e/
> nat_staticpat.html#wp1081521>
>
> Your NAT solution seems like the best option.
>
> Sadiq
>

Thanks for the info Sadiq. Based on some high ACL entries that the ASA can handle and very low traffic / CPU / Xlate information on the firewall, it was decided to make the config very ugly. A little excel and really long paste did the trick. I'm still looking for a more elegant solution if someone knows of one.

Thanks,

-ryan

Blogs and organic groups at http://www.ccie.net
Received on Mon Jun 06 2011 - 21:37:07 ART

This archive was generated by hypermail 2.2.0 : Fri Jul 01 2011 - 06:24:27 ART