i am running CGN with NAT44 on ISM module. Problem i am facing is that whenever we face spamming by miscreant user in our network, our upstream blocks the public ip pool on which we perform nat44 translation, resulting all nat44 users to face outage. until we change the address-pool
Is there anyway to exclude one IP Address from address-pool ?? or define multiple address pools?
following is my configuration;
service cgn cgn
service-location preferred-active 0/1/CPU0
service-type nat44 nat44
map outside-vrf inside-lan1-outside address-pool 18.104.22.168/24
session active timeout 300