Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
994
Views
0
Helpful
2
Replies

Source NAT Pool

BlueyVIII
Level 1
Level 1

‎03-31-2020 09:35 AM - edited ‎03-31-2020 09:35 AM

We have a system in our DMZ which regularly hangs and the supplier have told us it's because we're NAT'ing the source address into the DMZ and the server can't handle so many connections coming from a single source address. Their recommendation is to present each clients 'real' IP Address to the server but for many reasons we can't do this.

 

Is there a way to configure a CISCO ASA (FPR 2110) to NAT the Source Address into the DMZ but using a pool of IP Addresses, rather than a single address?? I'm hoping we can spread the connections to the server across many different source IP Addresses..

 

Any help gratefully received....

0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎03-31-2020 11:02 AM - edited ‎03-31-2020 11:05 AM

yes you can do with Multiple NAT Address pool, rather rely on single 1IP address have Limitation of multiplexing.

 

you can also fine tune with timings, depends on your config, what is configured, what time outs ? we need more information and config to suggest better here.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni

‎03-31-2020 11:17 AM

Hi,

 

   You configure regular dynamic NAT, and you make use of the "round-robin" functionality, otherwise all translations will still use the first IP from the pool till all ports are depleted.

 

Regards,

Cristian Matei.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card