Sorry yes that's what I thought you meant
Nice hack :)
-- BR Tony > On 19 Jan 2014, at 16:36, marc edwards <renorider_at_gmail.com> wrote: > > Tony, > > I was referring to performing NAT overload at layer 3 prior to reaching inside interface of ASA. Make all devices look like they originate from 1 to the ASA. It works and was tactic I have used in the past to overcome this restriction without having to go back for additional license. Latency is nominal but of course would depend on layer 3 forwarding device in front of ASA. > > I see it as engineering around a legal loophole. > > Regards, > > Marc Edwards > CCIE #38259 > > >> On Sun, Jan 19, 2014 at 8:13 AM, Tony Singh <mothafungla_at_gmail.com> wrote: >> >> ARP works at layer 2 therefore it is not possible to NAT inside host traffic for ARP yes you can for L3 traffic but it defeats the object and the cache would still get populated. >> >> If you meant NAT before the ASA with another device then yes agree this should work as long as latency or voice applications are not the sources. >> >> My 2cents >> >> -- >> BR >> >> Tony >> >> > On 18 Jan 2014, at 21:51, Jay McMickle <jay.mcmickle_at_yahoo.com> wrote: >> > >> > Now that's thinking like a CCIE. >> > +1 >> > >> > Regards, >> > Jay McMickle- 2x CCIE #35355 (R/S,Sec) >> > Sent from my iPhone 5 >> > >> >> On Jan 18, 2014, at 10:42 AM, marc edwards <renorider_at_gmail.com> wrote: >> >> >> >> Could always NAT on inside before ASA. What it doesn't know won't hurt it >> > ;) >> >> >> >>> On Saturday, January 18, 2014, Anthony <anthonybonilla.ccie_at_gmail.com> >> > wrote: >> >>> Great, thanks again guys! >> >>> >> >>> Sent from my iPhone >> >>> >> >>>> On Jan 18, 2014, at 9:38 AM, Jay McMickle <jay.mcmickle_at_yahoo.com> >> > wrote: >> >>>> >> >>>> One of the best ways to ease this pain is to not use the ASA as the >> > default gateway since it's the number of ARP entries that matter to the ASA >> > against the licenses. Another way to is to reduce the ARP entries (reduce arp >> > aging) and xlate timers. >> >>>> >> >>>> The license upgrade is only about $125 USD, but if it's only one printer >> > that's causing the license issue, these tweaks might be helpful as it doesn't >> > really need to be known by the ASA. >> >>>> >> >>>> Regards, >> >>>> Jay McMickle- 2x CCIE #35355 (R/S,Sec) >> >>>> Sent from my iPhone 5 >> >>>> >> >>>>> On Jan 18, 2014, at 7:08 AM, Gabriel Kujawski <gabriel_at_brama.waw.pl> >> > wrote: >> >>>>> >> >>>>> Yeah, no impact as long as you are within ten devices limit. >> >>>>> >> >>>>> Sent from your iPhone >> >>>>> >> >>>>>> On 18 sty 2014, at 13:56, Anthony <anthonybonilla.ccie_at_gmail.com> >> > wrote: >> >>>>>> >> >>>>>> Cool that's what I was hoping. Also, there shouldn't be any impact to >> > services for first 10 hosts, right? >> >>>>>> >> >>>>>> Sent from my iPhone >> >>>>>> >> >>>>>>> On Jan 18, 2014, at 12:56 AM, Gabriel Kujawski <gabriel_at_brama.waw.pl> >> > wrote: >> >>>>>>> >> >>>>>>> Hi, >> >>>>>>> The 11th host will be not be allowed to communicate with the outside >> > world. >> >>>>>>> >> >>>>>>> Sent from your iPhone >> >>>>>>> >> >>>>>>>> On 18 sty 2014, at 00:13, Anthony Bonilla >> > <anthonybonilla.ccie_at_gmail.com> wrote: >> >>>>>>>> >> >>>>>>>> Hi guys, >> >>>>>>>> >> >>>>>>>> Can someone please let me know implication of exceeding the base >> > limit on >> >>>>>>>> ASA for inside hosts (currently at 10)? I think I might be reaching >> > that >> >>>>>>>> limit and already looking into getting license for more hosts but >> > was >> >>>>>>>> curious in the meantime would ASA continue allowing traffic if I >> > tried to >> >>>>>>>> use 11th machine or would it have any adverse affect on the prod >> > traffic? >> >>>>>>>> Any insight would be greatly appreciated. >> >>>>>>>> >> >>>>>>>> TIA >> >>>>>>>> >> >>>>>>>> Tony >> >>>>>>>> >> >>>>>>>> >> >>>>>>>> Blogs and organic groups at http://www.ccie.net >> > _______________________________________________________________________ >> >>>>>>>> Subscription information may be found at: >> >>>>>>>> http://www.groupstudy.com/list/CCIELab.html >> >>>>> >> >>>>> >> >>>>> Blogs and organic groups at http://www.ccie.net >> >>>>> >> >>>>>Received on Sun Jan 19 2014 - 16:39:27 ART
This archive was generated by hypermail 2.2.0 : Sat Feb 01 2014 - 10:24:52 ART