- Site A has a very large IP block (otherwise we would have used 1:1 NAT)
- Site B has 20 hosts
- Site A primarily initiates traffic to Site B; any host at site A is allowed to connect
- Site A has 2 network links into Site B
- It will route traffic through Link_1 to a Site B host on IP_1
- It also has another route through Link_2 to the exact same Site B host, but on a NATed IP_2
- Site A source IP is always the same - they cannot NAT
- Site B initiates traffic to a handful of hosts at Site A which can live anywhere in Site A's IP block
- Site A and Site B must be able to communicate across both links without any further intervention (i.e., no changing of routes to flip from Link_1 to Link_2) - both paths are active at all times
For whatever reasons (political, technical, etc.) the above statements are fixed. The initial thought was to use a one-to-many NAT at Site B - as a standalone solution this does not work because traffic initiated from Site B won't be returned properly. Is it possible to create static NATs for the Site A resources that Site B needs to reach, and then set up multiple one-to-many NATs to cover the remaining IPs? Or, even better, is it possible to set up a single one-to-many NAT with exclusions? The config on Site B will have to be on ASA only.
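What the static-plus-dynamic arrangement the question asks about looks like on an ASA, as an added example that is not part of the original post. On ASA 8.3 and later, object (auto) NAT rules in NAT section 2 are evaluated static rules first, then dynamic rules, with fewer real addresses winning ties, so a static rule for a single Site A host takes precedence over a dynamic PAT rule that covers Site A's entire block. That ordering gives the "one-to-many NAT with exclusions" effect without a separate exclusion mechanism. Every address, object name and interface name below is an assumption chosen for illustration; "outside" is the Link_2-facing interface and "inside" faces the Site B hosts.

```cisco
! Site B ASA, object NAT (ASA 8.3+). All addresses are placeholders (assumption):
!   Site A block ............ 10.0.0.0/8
!   Site A hosts B must reach 10.5.1.20, 10.5.2.30
!   Mapped range seen by B .. 172.16.50.0/24 (must be routed to the ASA inside interface)
!   Site B host on IP_2 ..... real 192.168.20.10, mapped (IP_2) 172.16.50.250

! 1. Static NAT for each Site A host that Site B initiates to.
!    Static rules are bidirectional: Site B connects to 172.16.50.20 and the ASA
!    untranslates to 10.5.1.20; replies from 10.5.1.20 are translated back.
object network SITEA_SRV1
 host 10.5.1.20
 nat (outside,inside) static 172.16.50.20

object network SITEA_SRV2
 host 10.5.2.30
 nat (outside,inside) static 172.16.50.30

! 2. Dynamic PAT for the rest of Site A's block. An inline host address after
!    "dynamic" means PAT, so every other Site A source appears to Site B as 172.16.50.1.
!    This rule is evaluated after the statics above, so 10.5.1.20 and 10.5.2.30 are
!    effectively excluded from it even though the /8 contains them.
object network SITEA_REST
 subnet 10.0.0.0 255.0.0.0
 nat (outside,inside) dynamic 172.16.50.1

! 3. The Site B host that Site A reaches on IP_2 over Link_2 (the NATed IP from the question).
object network SITEB_HOST
 host 192.168.20.10
 nat (inside,outside) static 172.16.50.250

! Useful checks after applying:
!   show nat                       -> confirms the static entries are listed before SITEA_REST
!   packet-tracer input outside tcp 10.5.1.20 12345 172.16.50.250 443
!   packet-tracer input inside tcp 192.168.20.10 12345 172.16.50.20 22
```

Two caveats. The dynamic PAT entry is only usable for connections initiated from the outside (Site A) side, which is exactly why Site B-initiated traffic to any host not covered by a static rule has no translation to return through; the statics are what make those hosts reachable. And this fragment only shows the Link_2 side of the design; it does not by itself satisfy the requirement that both links stay active without route changes.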