Want to Natting one private ip with multiple publice IPs on asa 5550

madhur.singh · ‎05-31-2011

Hello I want to configure my one private ip of my proxy server with multiple public ips(group of IP'S) on ASA 5550 so that when ever my proxy send request,each request must go with new public ip.

If any one have the idea then let me know.

Regards
Mohit Jain

manish arora · ‎05-31-2011

Hi Mohit,

This is tricky since the Traffic is being initiated from the Inside interface , even if you are using asa 8.3 onwards which gives you the ability to NAT on Private ip to multiple Public ip's or you are using asa pre 8.3 , where you can trick the asa by using policy based NAT. In both the cases the public ip's will respond for single private ip but from traffic coming into that NAT , traffic going out will still be using the First available NAT.

I did implemented this ones before , where we were using SQUID proxy server , you can configure multiple alias private IP's on the squid server and then create a different NAT for each of those Private IP's. then configure Squid to rotate IP's as per your Need.

http://wiki.squid-cache.org/ConfigExamples/Strange/RotatingIPs

Manish

Allen P Chen · ‎05-31-2011

Hello,

If the ASA is running software version 8.3 or above, you can configure one-to-many static NAT.

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html#wp1107407

Hope this helps.

madhur.singh · ‎06-01-2011

Hello Allen,

Kindly let me know currently i am using 8.0 version on asa if i will upgrade my asa would my all old configuration would be same or i have to configure this appliance again.

Regards

Mohit Jain

Allen P Chen · ‎06-01-2011

Hello,

When you upgrade the ASA from 8.0 to 8.3, the configuration will be automatically converted to the 8.3 format. There are drastic NAT and ACL changes with software version 8.3. These are detailed here:

http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html

Hope this helps.