Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 331
  • Last Modified:

NAT based on destination

I have a partner web site that seems to not cope with with multiple users coming to it from our same source PAT public IP address.  It there a way to tell the ASA to use a specific NAT pool if they are trying to go to a particular address?
0
amigan_99
Asked:
amigan_99
  • 2
1 Solution
 
Jody LemoineNetwork ArchitectCommented:
Usually a static NAT entry is used in this scenario. Static NAT is bidirectional and will supersede your overloaded NAT for traffic to/from the addresses in question.
0
 
Jody LemoineNetwork ArchitectCommented:
Sorry. Misread.

If you want to change pools based on destination, you can do it like this:

access-list acl-pool-1 permit ip any x.x.x.x y.y.y.y
access-list acl-pool-default permit ip any any

nat (inside) 1 access-list acl-pool-1
nat (inside) 10 access-list acl-pool-default
global (outside) 1 a.a.a.a  m.m.m.m
global (outside) 10 a.a.a.b  m.m.m.m

If you define your destination in acl-pool-1, it will use pool 1 and everything else will use pool 10.
0
 
amigan_99Network EngineerAuthor Commented:
This is great.  I am dealing with a dinosaur government agency whom is not dealing with multiple clients coming from a single PAT.  Arrgh.  :-)
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now