Re: Question regarding ASA inside host limit

From: marc edwards <renorider_at_gmail.com>
Date: Sun, 19 Jan 2014 08:36:45 -0800

Tony,

I was referring to performing NAT overload at layer 3 prior to reaching the
inside interface of the ASA. Make all devices look like they originate from 1
to the ASA. It works and was a tactic I have used in the past to overcome
this restriction without having to go back for an additional license. Latency
is nominal but of course would depend on the layer 3 forwarding device in front
of the ASA.

I see it as engineering around a legal loophole.

Regards,

Marc Edwards
CCIE #38259
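An added example (not from the thread) of the upstream NAT overload Marc describes, on a Cisco IOS router placed between the LAN and the ASA inside interface; the addresses, interface names and ACL name are assumed. Because the ASA then only ever learns one inside address, per-host visibility moves to the router, so translation logging is enabled there.

```cisco
! Assumed topology: LAN 192.168.10.0/24 -> router -> 192.168.100.0/24 -> ASA inside (192.168.100.1)
interface GigabitEthernet0/0
 description LAN side (hosts that would each consume an ASA inside-host slot)
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 description Toward ASA inside interface; the only address the ASA will ever see
 ip address 192.168.100.2 255.255.255.0
 ip nat outside
!
ip access-list standard LAN-HOSTS
 permit 192.168.10.0 0.0.0.255
!
! PAT every LAN host behind the single Gi0/1 address
ip nat inside source list LAN-HOSTS interface GigabitEthernet0/1 overload
!
! Keep a per-host audit trail on the router, since the ASA logs will only show 192.168.100.2
ip nat log translations syslog
!
ip route 0.0.0.0 0.0.0.0 192.168.100.1
```

To confirm the effect, `show ip nat translations` on the router should list every LAN host while `show local-host` on the ASA shows only 192.168.100.2 consuming a slot.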

On Sun, Jan 19, 2014 at 8:13 AM, Tony Singh <mothafungla_at_gmail.com> wrote:

>
> ARP works at layer 2 therefore it is not possible to NAT inside host
> traffic for ARP yes you can for L3 traffic but it defeats the object and
> the cache would still get populated.
>
> If you meant NAT before the ASA with another device then yes agree this
> should work as long as latency or voice applications are not the sources.
>
> My 2cents
>
> --
> BR
>
> Tony
>
> > On 18 Jan 2014, at 21:51, Jay McMickle <jay.mcmickle_at_yahoo.com> wrote:
> >
> > Now that's thinking like a CCIE.
> > +1
> >
> > Regards,
> > Jay McMickle- 2x CCIE #35355 (R/S,Sec)
> > Sent from my iPhone 5
> >
> >> On Jan 18, 2014, at 10:42 AM, marc edwards <renorider_at_gmail.com> wrote:
> >>
> >> Could always NAT on inside before ASA. What it doesn't know won't hurt
> >> it ;)
> >>
> >>> On Saturday, January 18, 2014, Anthony <anthonybonilla.ccie_at_gmail.com>
> >>> wrote:
> >>> Great, thanks again guys!
> >>>
> >>> Sent from my iPhone
> >>>
> >>>> On Jan 18, 2014, at 9:38 AM, Jay McMickle <jay.mcmickle_at_yahoo.com>
> >>>> wrote:
> >>>>
> >>>> One of the best ways to ease this pain is to not use the ASA as the
> >>>> default gateway, since it's the number of ARP entries that matter to the
> >>>> ASA against the licenses. Another way is to reduce the ARP entries
> >>>> (reduce ARP aging) and xlate timers.
> >>>>
> >>>> The license upgrade is only about $125 USD, but if it's only one
> >>>> printer that's causing the license issue, these tweaks might be helpful
> >>>> as it doesn't really need to be known by the ASA.
> >>>>
> >>>> Regards,
> >>>> Jay McMickle- 2x CCIE #35355 (R/S,Sec)
> >>>> Sent from my iPhone 5
> >>>>
> >>>>> On Jan 18, 2014, at 7:08 AM, Gabriel Kujawski <gabriel_at_brama.waw.pl>
> >>>>> wrote:
> >>>>>
> >>>>> Yeah, no impact as long as you are within the ten-device limit.
> >>>>>
> >>>>> Sent from your iPhone
> >>>>>
> >>>>>> On 18 Jan 2014, at 13:56, Anthony <anthonybonilla.ccie_at_gmail.com>
> >>>>>> wrote:
> >>>>>>
> >>>>>> Cool, that's what I was hoping. Also, there shouldn't be any impact
> >>>>>> to services for the first 10 hosts, right?
> >>>>>>
> >>>>>> Sent from my iPhone
> >>>>>>
> >>>>>>> On Jan 18, 2014, at 12:56 AM, Gabriel Kujawski <gabriel_at_brama.waw.pl>
> >>>>>>> wrote:
> >>>>>>>
> >>>>>>> Hi,
> >>>>>>> The 11th host will not be allowed to communicate with the outside
> >>>>>>> world.
> >>>>>>>
> >>>>>>> Sent from your iPhone
> >>>>>>>
> >>>>>>>> On 18 Jan 2014, at 00:13, Anthony Bonilla
> >>>>>>>> <anthonybonilla.ccie_at_gmail.com> wrote:
> >>>>>>>>
> >>>>>>>> Hi guys,
> >>>>>>>>
> >>>>>>>> Can someone please let me know the implication of exceeding the base
> >>>>>>>> limit on the ASA for inside hosts (currently at 10)? I think I might
> >>>>>>>> be reaching that limit and am already looking into getting a license
> >>>>>>>> for more hosts, but was curious in the meantime: would the ASA
> >>>>>>>> continue allowing traffic if I tried to use an 11th machine, or would
> >>>>>>>> it have any adverse effect on the prod traffic?
> >>>>>>>> Any insight would be greatly appreciated.
> >>>>>>>>
> >>>>>>>> TIA
> >>>>>>>>
> >>>>>>>> Tony
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> Blogs and organic groups at http://www.ccie.net
> > _______________________________________________________________________
> >>>>>>>> Subscription information may be found at:
> >>>>>>>> http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >> --
> >> Marc Edwards
> >> CCIE #38259

Received on Sun Jan 19 2014 - 08:36:45 ART

This archive was generated by hypermail 2.2.0 : Sat Feb 01 2014 - 10:24:52 ART