02-09-2012 10:54 AM - edited 03-11-2019 03:27 PM
Hi, I have a client who is asking to NAT 35 private IPs behind one public IP in Cisco ASA, maintaining a 35-to-1 NAT ratio.
Currently what I am doing in my ASA is:
global (Client) 1 24.45.43.1 netmask 255.255.255.0
nat (inside) 1 10.0.0.0 netmask 255.0.0.0
How can I make sure that the PAT IP for all outgoing packets becomes 24.45.43.2 when the 36th agent or session tries to access any client application, and then the PAT IP becomes 24.45.43.3 when the 71st agent or session establishes?
Is it possible?
02-09-2012 11:01 AM
Hi Ahmad,
You can assign different PAT IPs based on number of sessions, but yes, you can do that on the basis of 35 different IPs, like:
global (Client) 1 24.45.43.1
global (Client) 2 24.45.43.2
global (Client) 3 24.45.43.3
nat (inside) 1 10.1.1.1-10.1.1.35
nat (inside) 2 10.1.1.36-10.1.1.70
nat (inside) 3 10.1.1.71-10.1.1.105
But you cannot do that on the basis of number of connections.
Hope that helps.
Thanks,
Varun
02-09-2012 11:04 AM
I had this idea, but that would be a nightmare for me to do, since I have no information about where agents are going to access from; they are located in different geographical locations.
I thought there might be some technique to do this automatically.
But if there is no other way, then this would be my last option :(
02-09-2012 11:09 AM
Yes Ahmad, that might be your only option, because the firewall does change the PAT addresses based upon number of connections; it would only switch to the next IP when all the ports (1025-65535) are exhausted on the public IP.
Thanks,
Varun
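The per-group mapping suggested in the first reply, written out as an added example that is not part of the original thread: each block of 35 inside hosts is expressed as CIDR entries in an access list and bound to its own PAT address. It assumes pre-8.3 ASA `nat`/`global` syntax with policy NAT, the ACL names `PAT_GRP_n` are hypothetical, and the addresses and interface names are the ones used in the thread.

```python
import ipaddress


def pat_groups(first_host, public_ips, group_size=35):
    """Yield (nat_id, public_ip, networks) for consecutive host blocks.

    Each block holds group_size inside addresses and is returned as the
    smallest set of CIDR networks that covers exactly that range.
    """
    start = ipaddress.IPv4Address(first_host)
    for nat_id, public in enumerate(public_ips, start=1):
        end = start + (group_size - 1)
        nets = list(ipaddress.summarize_address_range(start, end))
        yield nat_id, ipaddress.IPv4Address(public), nets
        start = end + 1


def asa_config(first_host, public_ips, inside="inside", outside="Client",
               group_size=35):
    """Return ASA config lines (assumed pre-8.3 syntax) for every group."""
    lines = []
    for nat_id, public, nets in pat_groups(first_host, public_ips, group_size):
        acl = f"PAT_GRP_{nat_id}"  # hypothetical ACL name
        for net in nets:
            # ASA access lists take a subnet mask, or "host" for a /32.
            if net.prefixlen == 32:
                src = f"host {net.network_address}"
            else:
                src = f"{net.network_address} {net.netmask}"
            lines.append(f"access-list {acl} extended permit ip {src} any")
        lines.append(f"nat ({inside}) {nat_id} access-list {acl}")
        lines.append(f"global ({outside}) {nat_id} {public}")
    return lines


if __name__ == "__main__":
    # Addresses taken from the thread.
    pool = ["24.45.43.1", "24.45.43.2", "24.45.43.3"]
    print("\n".join(asa_config("10.1.1.1", pool)))
```

Because the mapping is by source address, an agent keeps the same PAT address no matter how many sessions are open, which matches the behaviour described in the replies.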