11-03-2010 04:24 AM - edited 03-11-2019 12:03 PM
Hi
Is that possible to make multiple pat addresse on ASA?
11-03-2010 06:50 AM
Yes it is possible.
11-03-2010 06:54 AM
what i mean is oveloading on an interface with 2 ip addresses.
do you have any documantation for that?
11-03-2010 06:58 AM
There are a couple of options. Can you be more specific on what you need to achieve?
11-03-2010 07:05 AM
Ok.
we have internet connection. our lan ip addresses are PAT ed on ASA with one ip address. but some of the clients should use another ip adressto reach internet. I want to use another ip address from our internet IP adresses.
11-03-2010 07:14 AM
OK. You would want to setup to NAT Pools-
global (outside) 1 75.50.95.73
global (outside) 2 75.50.95.77
nat (inside) 1 192.168.1.5
nat (inside) 2 0.0.0.0 0.0.0.0.0
This would NAT the internal IP of 192.168.1.5 to 75.50.95.73 and everyone else on the internal network to 75.50.95.77. If you have more than a few clients with the special NAT, you can use an ACL instead of the host address.
Here is the configuration guide [8.2] on configuring NAT-
http://www.cisco.com/en/US/partner/docs/security/asa/asa82/configuration/guide/nat_staticpat.html
Hope it helps.
11-04-2010 12:06 AM
Hi,
The solution that you provided works.
I have another question.
Now, I have one group and will use one nat.
but at global config:
global (INTERNET) 1 192.168.4.244 netmask 255.255.255.0
global (INTERNET) 1 192.168.4.245 netmask 255.255.255.0
The users always use 192.168.4.244.. is that possible to make it ramdom. one user or session 244 another 245...
Thank you.
11-04-2010 07:17 AM
For that you would need to use a pool and even then it doesn't use a round robin or anything. The first client gets the first IP, second client gets the 2nd IP and so on until all the IP's are used. It will then PAT on that last IP.
11-04-2010 09:44 AM
Hi,
Both first and scond ip goes the first IP. >192.168.4.244
PAT Global 192.168.4.244(1308) Local 111.1.1.2(51534)
PAT Global 192.168.4.244(1307) Local 111.1.1.2(50743)
PAT Global 192.168.4.244(1133) Local 111.1.1.2(49473)
PAT Global 192.168.4.244(1306) Local 111.1.1.2(63708)
PAT Global 192.168.4.244(3) Local 111.1.1.2 ICMP id 1
PAT Global 192.168.4.244(1157) Local 111.1.1.10(1060)
PAT Global 192.168.4.244(1156) Local 111.1.1.10(1059)
PAT Global 192.168.4.244(1155) Local 111.1.1.10(1058)
PAT Global 192.168.4.244(1154) Local 111.1.1.10(1057)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide