Hello.

Alright so this indeed worked. I assume you meant access-list 101,102 and 103?

So let us forget a moment about 101 and 102.

103 is associating 192.168.5.50 to 192.168.4.177 which resides on GE 1/3 on the Switch to route back to the ASA.

This was initially an idea to at least make it work and it does… But I have 3 more Static IP’s I wish to do this with in same manner, but, I would need to run a total of 4 Ethernet cables so that I could PBR each IP (193.168.5.50-192.168.5.54) to 192.168.4.177 - 192.168.4.180. 
This is clearly a waste.

Currently my ASA has Static NAT from;

x.x.x.177 NAT to 192.168.4.177

x.x.x.178 NAT to 192.168.4.177

and so on…

By going through adding this Switch and adding PBR, could I have the 4 IP’s on the Switch use single, let’s say, 192.168.4.2 and on ASA change the current Static NAT and change 192.168.4.x to 192.168.5.50-192.168.5.54. Will the ASA know to NAT to and Switch accept it and redirect the correct ips to their WAN ip?

I can’t draw it out as it isn’t a thing yet so I can try a different approach if my example/question fails. 

So your original question was answered and works. I am puzzled by your followup question. The original question was about PBR but the followup seems to combine questions about PBR and about NAT. 

As far as the PBR is concerned you originally had a single address to have different forwarding logic. If you want to have 4 addresses use the same forwarding logic you simply need to add additional entries in the acl to match the additional addresses. I am not clear what you want to do with nat on the asa. Can you provide clarification?

Correct, my initial question was 1 ip PBR, and that works.

I was using it as a basis and am fine running 4 Ethernet cables per PBR, but want to avoid that.

The ASA has 4 Static IP’s which I have Static NAT to 4 ips in a 192.169.4.0 Subnet;

x.177 to 192.168.4.177

x.178 to 192.168.4.178

x.179 to 192.168.4.179

x.180 to 192.168.4.180

I have this because to save on Ethernet, I ran 1 to a L2 switch and so I made a subnet of their own. 

I want to eliminate the L2 and move them over to the Switch. But on the Switch there is an existing 192.168.5.0 so my intent was to reconfigure the 192.168.4.0 into 192.168.5.0 on the Switch to have 1 sharing LAN, but these 4 ips still need their specific WAN IP. So am I able to create a PBR with access-list 3 with an ip 192.168.4.2 and the new 4 ips (192.168.5.50-54) and then on the ASA change the NAT to their 192.168.5.0 IP instead of the existing 192.168.4.0?

Or am I explaining this wayyy to all over the place?

I have read through your description multiple times and still cannot follow what you are trying to do. 

Can you just explain in terms of devices and IPs exactly what you are trying to achieve ?

Jon

Alright so I drew a picture hopefully showing my needs.

There is NETWORK 1 and NETWORK 2, both working flawlessly.

I want to incorporate Network 1/- L2 Switch into the Network 2 Subnet (192.168.5.0) so "every" device (Network 1 and 2) are on same subnet, but have my original Network 2 PBR back to the ASA to use their WAN IP's. It was mentioned how to do it on a 1 to 1 basis as Georg Pauwen had mentioned and that works.

My next phase was how to incorporate all 4 IP's from Network 2 without having to run 4 ethernet cables to do so.

I was thinking if I made a 3rd PBR which would have a "gateway" of 192.168.4.2 (example) and have each of the 4 IP's (192.168.5.177-192.168.5.180) use 192.168.4.2 to talk back to the ASA and change the current ASA NAT from the 192.168.4.0 Network to the new 192.168.5.0 Network. (x.x.x.177 NAT to 192.168.4.177 would now become x.x.x.177 NAT to 192.168.5.177) would this work?

Like @Jon Marshall I am having difficulty understanding the question. As I read it I believe that it is about how you can do Address Translation. The original post described it in terms of 1 address. Then it became 4 addresses. @Georg Pauwen gave a suggestion for the 1 address by adding acl 103 and adding a stanza to the PBR route map. It seems to me that if you want to do 4 addresses you would use acl 103, 104, 105, and 106 and add additional stanzas to the PBR route map.

That is correct, I would make 4 ACL's. And that is correct, this started as 1 IP (So I could use reference to the other 3) but then it occurred to me that if these new 4 PBR's are 1 to 1, I would need 4 Ethernet Cables for each PBR, which is why I expanded upon the initial question.

This was why I was asking now that I can create these 4 new ACL'S/PBR, is there a way to "trunk" them or utilize ONE PBR and have the ASA do the WAN to Internal NAT to save on cables/ports. If I did not care about running 4 Ethernet cables I would be 100% done here as the configuration example works and that is awesome!

Still not sure I totally follow but if you just want the traffic for all those IPs to go to the ASA you just need one connection to the ASA and then the ASA does the NAT for each IP. 

I can't see why you would need multiple connections between the switch and the ASA. 

Jon

Well that was my concern;

Currently Network Two has 2 PBR'S, both using a "range" of IP's going to their own WAN IP, and that is fine.

With my new concept it isn't a range, it is 1 to 1 so;

LAN 192.168.5.177 must go to WAN x.x.x.177

LAN 192.168.5.178 must go to WAN x.x.x.178

LAN 192.168.5.179 must go to WAN x.x.x.179

LAN 192.168.5.180 must go to WAN x.x.x.180

Would I then make the PBR IP 192.168.4.2 as the Gateway for the "range" 192.168.5.177-192.168.5.180 and then on the ASA I just NAT x.x.x.177 to 192.168.5.177. 

I suppose my concern was, how does the ASA know what 192.168.5.0 is if it isn't its host or direct subnet? Or is that the beauty if automatic Network Logic?

So anyway, without KNOWING what can and can't happen my default notion was "oh crap do i need to run a cable for each direct pbr" or can the example I said above work.

You can't make the gateway 192.168.4.2 if the IPs are in the 192.168.5.0/24 subnet. 

However the ASA does not need the IPs to be part of a directly connected subnet to do NAT for them, the ASA just needs to know how to reach the 192.168.5.x IPs. 

So if the switch is connected to the ASA using 192.168.4.x and the switch is capable of routing between vlans then it would work fine or alternatively if the routing is being done on the ASA you would need just one extra connection in the 192.168.5.x subnet. 

I think this is where the confusion has come from ie. it is not clear where the routing between vlans is taking place. 

Jon

Just to clarify, when I say you can't make that the gateway for the 192.168.5.x IPs I mean in their IP configuration. 

But you can use 192.168.4.2 as the next hop IP in your PBR configuration for those IPs. 

Jon