https://community.cisco.com/t5/network-security/nat-configuration/m-p/1439490#M667844 <HTML><HEAD></HEAD><BODY><P>ok, my intention is to ensure that this second global IP is not being used&nbsp; by other ip's except for 192.168.100.1 to 192.168.100.3.</P><P></P><P>nat ( inside ) 1 0.0.0.0 0.0.0.0 - this nat is using another global ip address for general overload. I want to ensure ip's from this range doesnt try to use</P><P>the second global ip for nat.</P><P><BR />Would it be possible without any additional config.</P><P></P><P>Thanks in advance.</P></BODY></HTML> Wed, 14 Jul 2010 02:30:32 GMT suthomas1 2010-07-14T02:30:32Z https://community.cisco.com/t5/network-security/nat-configuration/m-p/1439486#M667827 <P>My ASA has an existing overloaded nat in place for all the connections going out.<BR />like nat ( inside ) 1 0.0.0.0 0.0.0.0 <BR />i need to configure a seperate nat for outgoing translation with a set of ip's.<BR />local ip's are 192.168.100.1 to 192.168.100.3 &amp; it is to be natted with 202.88.116.27. Please help on how to configure this for use by these ip's only.</P><P></P><P></P><P>thanks in advance.</P> Mon, 11 Mar 2019 18:11:36 GMT https://community.cisco.com/t5/network-security/nat-configuration/m-p/1439486#M667827 suthomas1 2019-03-11T18:11:36Z https://community.cisco.com/t5/network-security/nat-configuration/m-p/1439487#M667831 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>You can specify another NAT pool and specify specific source addresses that will be using that pool. In dynamic NAT, the firewall uses specific translation first before using the generic pool.</P><P></P><P>Global (outside) 2 202.88.116.27</P><P></P><P>Nat (inside) 2 192.168.100.0 255.255.255.252</P><P></P><P></P><P>Above configuration enables all the hosts between 192.168.100.0 to 100.3 to use the 202.88.116.27 address (since 100.0 is the network address, you will not see any traffic from that address).</P><P></P><P>Hope this helps.</P><P></P><P>Regards,</P><P></P><P>NT</P></BODY></HTML> Wed, 14 Jul 2010 00:50:59 GMT https://community.cisco.com/t5/network-security/nat-configuration/m-p/1439487#M667831 Nagaraja Thanthry 2010-07-14T00:50:59Z https://community.cisco.com/t5/network-security/nat-configuration/m-p/1439488#M667835 <HTML><HEAD></HEAD><BODY><P>thanks for your reply. wouldnt i need to deny this pool being used by other internal ip's for nat.</P></BODY></HTML> Wed, 14 Jul 2010 01:06:22 GMT https://community.cisco.com/t5/network-security/nat-configuration/m-p/1439488#M667835 suthomas1 2010-07-14T01:06:22Z https://community.cisco.com/t5/network-security/nat-configuration/m-p/1439489#M667841 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Once the firewall picks one pool, it will not look for the second pool. The firewall always picks the longest (best) match for every source address (sometimes it will also check the destination address if you have configured policy nat). So, you do not need to explicitly deny an address from using a pool.</P><P></P><P>Hope this helps.</P><P></P><P>Regards,</P><P></P><P>NT</P></BODY></HTML> Wed, 14 Jul 2010 01:13:58 GMT https://community.cisco.com/t5/network-security/nat-configuration/m-p/1439489#M667841 Nagaraja Thanthry 2010-07-14T01:13:58Z https://community.cisco.com/t5/network-security/nat-configuration/m-p/1439490#M667844 <HTML><HEAD></HEAD><BODY><P>ok, my intention is to ensure that this second global IP is not being used&nbsp; by other ip's except for 192.168.100.1 to 192.168.100.3.</P><P></P><P>nat ( inside ) 1 0.0.0.0 0.0.0.0 - this nat is using another global ip address for general overload. I want to ensure ip's from this range doesnt try to use</P><P>the second global ip for nat.</P><P><BR />Would it be possible without any additional config.</P><P></P><P>Thanks in advance.</P></BODY></HTML> Wed, 14 Jul 2010 02:30:32 GMT https://community.cisco.com/t5/network-security/nat-configuration/m-p/1439490#M667844 suthomas1 2010-07-14T02:30:32Z https://community.cisco.com/t5/network-security/nat-configuration/m-p/1439491#M667848 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>If you configure "nat (inside) 2 192.168.100.0 255.255.255.252" only addresses covered in the range can use the nat pool identified by number 2. You do not need any other configuration to block other IP addresses from using the range.</P><P></P><P>Hope this helps.</P><P></P><P>Regards,</P><P></P><P>NT</P></BODY></HTML> Wed, 14 Jul 2010 02:40:28 GMT https://community.cisco.com/t5/network-security/nat-configuration/m-p/1439491#M667848 Nagaraja Thanthry 2010-07-14T02:40:28Z