Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
328
Views
0
Helpful
1
Replies

Static NAT and Network Object Groups

Mike Wiseman
Level 1
Level 1

‎12-18-2013 01:57 PM

Hi,

Using an ASA, v9.1(3), have configured a static NAT rule that uses a network object group as a destination. The NAT rule is used in a VPN configuration. The group has three IPv4 address members. With some preliminary testing via two users, it is noticed that the ASA chooses one of the group IPs as is expected in a seemingly random manner. In other words, all seems to work.

I would like to know *how* the ASA chooses the IP. Is there a round robin algorithm being used? What about statefulness. Sounds like I'm talking about a load balancer I know and it seem a bit much to expect that functionality. I haven't been able to find documentation on this area. Any advice on this is greatly appreciated.

Thanks,

Mike

Mike Wiseman

University of Toronto 

Labels:
0 Helpful
1 Reply 1

Collin Clark
VIP Alumni
VIP Alumni

‎12-18-2013 03:14 PM

Hosts are 1-to-1 NAT'd until the pool is exhausted, then they PAT.

http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/firewall/nat_objects.html#wp1534465


0 Helpful
Customers Also Viewed These Support Documents