Test

NAT + PBR Deployment

Hello. So I have nothing to post as this is a theory and a question on its legitimacy, as in, can it be done this way or what better way.

ASA 5508-X w/ 6 Usable Static IP’s

  x.x.x.182 (ASA WAN)

  x.x.x.177

  x.x.x.178

  x.x.x.179

  x.x.x.180

  x.x.x.181




SG550X

  LAN 192.168.5.0

      192.168.5.2 - 192.168.5.100 PBR to use x.x.x.182 WAN IP (Range)

      192.168.5.177 PBR to use x.x.x.177 WAN IP ( 1 to 1 )

      192.168.5.178 PBR to use x.x.x.178 WAN IP ( 1 to 1 )

      192.168.5.179 PBR to use x.x.x.179 WAN IP ( 1 to 1 )

      192.168.5.180 PBR to use x.x.x.180 WAN IP ( 1 to 1 )

      192.168.5.181  PBR to use x.x.x.181 WAN IP ( 1 to 1 )

My question is how many Networks from ASA to SG would I need? I mean to use PBR I need an interface on SG to be an IP as a next hop to the ASA. Do I need 1 network per PBR or an IP for each PBR from the same Network on the ASA.

For example, I assume each PBR needs its own Interface IP for next hope or else why even have PBR.

Would x.x.x.182 use 192.168.1.0 to reach SG, x.x.x.177 use 192.168.2.0 to reach SG, x.x.x.178 use 192.168.3.0 and so on? Or could all of this be done with one Network from ASA to SG and use NAT/PAT on ASA. This is where I start to get confused.

Among all of my gibberish. This stands true and the point;

Really to simplify, I want everything on my entire Network to be on 192.168.5.0, but the Specific IP’s and IP Ranges to go to their correct WAN IP’s as mentioned above under SG550X.