03-31-2020 09:35 AM - edited 03-31-2020 09:35 AM
We have a system in our DMZ which regularly hangs and the supplier have told us it's because we're NAT'ing the source address into the DMZ and the server can't handle so many connections coming from a single source address. Their recommendation is to present each client's 'real' IP address to the server but for many reasons we can't do this.
Is there a way to configure a Cisco ASA (FPR 2110) to NAT the source address into the DMZ but using a pool of IP addresses, rather than a single address? I'm hoping we can spread the connections to the server across many different source IP addresses.
Any help gratefully received....
03-31-2020 11:02 AM - edited 03-31-2020 11:05 AM
Yes, you can do this with a multiple-address NAT pool rather than relying on a single IP address, which has multiplexing limitations.
You can also fine-tune the timings; it depends on your config: what is configured, and what timeouts? We need more information and the config to suggest anything better here.
03-31-2020 11:17 AM
Hi,
You configure regular dynamic NAT, and you make use of the "round-robin" functionality, otherwise all translations will still use the first IP from the pool till all ports are depleted.
Regards,
Cristian Matei.
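The round-robin PAT pool described in the reply above, as an added configuration sketch that is not part of the original thread. The interface names (`inside`, `dmz`), the object names and all addresses are constructed assumptions, and the syntax is ASA 8.4+ manual (twice) NAT:

```text
! Constructed example: names and addresses are placeholders.
! Pool of source addresses taken from the DMZ subnet.
object network DMZ-PAT-POOL
 range 192.0.2.10 192.0.2.25
!
! The DMZ server that cannot cope with a single source address.
object network DMZ-SERVER
 host 192.0.2.100
!
! Weak form (shown commented out): without round-robin the ASA uses the
! first pool address until its ports are depleted, so the server still
! sees almost every connection from 192.0.2.10.
! nat (inside,dmz) source dynamic any pat-pool DMZ-PAT-POOL destination static DMZ-SERVER DMZ-SERVER
!
! Corrected form: round-robin hands out pool addresses in turn.
! The destination clause limits the rule to traffic for this server.
nat (inside,dmz) source dynamic any pat-pool DMZ-PAT-POOL round-robin destination static DMZ-SERVER DMZ-SERVER
!
! Verification from the CLI after applying the rule:
!   show nat detail   (rule hit counts and the resolved pool range)
!   show xlate        (active translations and the mapped addresses in use)
```

Round-robin distributes by source host, and a host with existing translations keeps its pool address while ports remain, so clients that already share one upstream address will still arrive from a single pool address.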