Solved

NAT based on destination

Posted on 2013-12-12
3
319 Views
Last Modified: 2013-12-13
I have a partner web site that seems to not cope with with multiple users coming to it from our same source PAT public IP address.  It there a way to tell the ASA to use a specific NAT pool if they are trying to go to a particular address?
0
Comment
Question by:amigan_99
  • 2
3 Comments
 
LVL 22

Expert Comment

by:Jody Lemoine
ID: 39717429
Usually a static NAT entry is used in this scenario. Static NAT is bidirectional and will supersede your overloaded NAT for traffic to/from the addresses in question.
0
 
LVL 22

Accepted Solution

by:
Jody Lemoine earned 500 total points
ID: 39717514
Sorry. Misread.

If you want to change pools based on destination, you can do it like this:

access-list acl-pool-1 permit ip any x.x.x.x y.y.y.y
access-list acl-pool-default permit ip any any

nat (inside) 1 access-list acl-pool-1
nat (inside) 10 access-list acl-pool-default
global (outside) 1 a.a.a.a  m.m.m.m
global (outside) 10 a.a.a.b  m.m.m.m

If you define your destination in acl-pool-1, it will use pool 1 and everything else will use pool 10.
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 39718271
This is great.  I am dealing with a dinosaur government agency whom is not dealing with multiple clients coming from a single PAT.  Arrgh.  :-)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now