NAtting Issue

Unanswered Question
Sep 28th, 2008
User Badges:


I have a L3 swith where user vlan is created & the natting is done in ASA.



nat (inside) 1

global (outside) 1 210.212.10.x netmask

route outside 0 0 x.x.x.y (router interface connected with asa)

route inside (switch interface ip connecte switch asa inside)


End users are assigned static IP. I don't have internal DNS server. Whenever users want to access internet they need to authenticate in a website which is hosted in internet using username & password & after successful authentication he can access internet. So a public ip is assigned against the ende user from the public ip pool. Is there any way to achieve this using wasting public IP?

Customer is not going for internal DNS...

Please suggest.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dhananjoy chowdhury Mon, 09/29/2008 - 01:35
User Badges:
  • Silver, 250 points or more


For the Public IP issue, what you can do is do PAT instead of using the Public IP pool.

Do this

no global (outside) 1 210.212.10.x netmask

global (outside) 1

Now, all the inside clients will be using only a single IP , i.e,


For the DNS , you can ask the customer to use the free DNS service from OpenDNS.

Put these IP'sas primary and Secondary DNS on thw clients.

Hope this helps.


This Discussion