Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
257
Views
0
Helpful
1
Replies

loadbalance PAT of IPs in a object-group

Rasmus Kiilerich
Level 1
Level 1

‎10-01-2014 03:18 AM - edited ‎03-11-2019 09:50 PM

Hi

 

I have configured a range of 4 public address´ into a object-group and used this object-group in my dynamic NAT statement.

The 4 public IP is in the same subnet.

 

Basically it works fine but the PAT is only sourcing from 1 of the IPs

 

Does anyone know what loadbalanting method the ASA is using? when will is start sourcing for any of the other 3 IPs? 

 

The firewall is a 5525 running 9.1

Labels:
0 Helpful
1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

‎10-01-2014 03:34 AM

Hi,

 

To my understanding it will exhaust all the ports for the first PAT IP address before moving to the next PAT IP address configured in the "object-group"

 

You could try something like this (naturally the IPs, names of objects and interfaces will be different)

 

object-group network SOURCE-SUBNETS
 network-object <net1> <mask>
 network-object <net2> <mask>

object-group network PAT-POOL
 network-object host 1.1.1.1
 network-object host 1.1.1.2
 network-object host 1.1.1.3

 

nat (inside,outside) after-auto source dynamic SOURCE-SUBNETS pat-pool PAT-POOL round-robin

 

With this it should to my understanding use different PAT address in turns when different internal hosts connect using this NAT configuration.

 

Hope this helps :)

 

Let me know how it goes.

 

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card