Natting Issue

Unanswered Question
Sep 28th, 2008

Hi,

I have an L3 switch where the user VLAN is created & the natting is done in the ASA.

In ASA:

========

nat (inside) 1 10.10.11.0 255.255.255.0

global (outside) 1 210.212.10.x 210.212.10.20 netmask 255.255.255.240

route outside 0 0 x.x.x.y (router interface connected with asa)

route inside 10.10.11.0 255.255.255.0 10.10.20.2 (switch interface ip connected switch asa inside)

========================================

End users are assigned static IPs. I don't have an internal DNS server. Whenever users want to access the Internet they need to authenticate on a website which is hosted on the Internet using a username & password, & after successful authentication they can access the Internet. So a public IP is assigned to the end user from the public IP pool. Is there any way to achieve this using wasting public IP?

Customer is not going for internal DNS...

Please suggest.

dhananjoy chowdhury Mon, 09/29/2008 - 01:35

Hi,

For the Public IP issue, what you can do is do PAT instead of using the Public IP pool.

Do this

no global (outside) 1 210.212.10.x 210.212.10.20 netmask 255.255.255.240

global (outside) 1 210.212.10.20

Now, all the inside clients will be using only a single IP, i.e., 210.212.10.20

--------------------

For the DNS , you can ask the customer to use the free DNS service from OpenDNS.

Put these IPs as primary and secondary DNS on the clients.

208.67.222.222

208.67.220.220

Hope this helps.
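The difference between the address pool in the question and the single-address PAT in the reply, as an added example that is not part of the original thread: a simplified Python model of the two translation tables, including the reverse lookup needed to attribute shared-IP traffic to an inside host. The pool addresses (203.0.113.x), the source port 40000 and the sequential port allocation are assumptions for illustration, not ASA behaviour.

```python
import ipaddress

INSIDE_NET = ipaddress.ip_network("10.10.11.0/24")   # from the post
PAT_ADDRESS = "210.212.10.20"                        # from the reply
# Constructed pool: the post elides its first pool address, so a
# documentation range stands in for it here.
POOL = [f"203.0.113.{n}" for n in range(1, 6)]

class DynamicNat:
    """global (outside) with a range: one public address per inside host."""
    def __init__(self, pool):
        self.free = list(pool)
        self.xlate = {}                       # inside ip -> public ip

    def translate(self, ip, port):
        if ip not in self.xlate:
            if not self.free:
                return None                   # pool exhausted, no translation
            self.xlate[ip] = self.free.pop(0)
        return self.xlate[ip], port

class Pat:
    """global (outside) with one address: hosts are told apart by source port."""
    def __init__(self, address, first_port=1024):
        self.address = address
        self.next_port = first_port
        self.xlate = {}                       # (inside ip, port) -> mapped port
        self.reverse = {}                     # mapped port -> (inside ip, port)

    def translate(self, ip, port):
        key = (ip, port)
        if key not in self.xlate:
            if self.next_port > 65535:
                return None                   # port range exhausted
            self.xlate[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return self.address, self.xlate[key]

def simulate():
    hosts = [str(h) for h in INSIDE_NET.hosts()]
    nat, pat = DynamicNat(POOL), Pat(PAT_ADDRESS)
    # Every inside host opens one connection from the same source port.
    nat_out = [nat.translate(h, 40000) for h in hosts]
    pat_out = [pat.translate(h, 40000) for h in hosts]
    return nat_out, pat_out, pat

if __name__ == "__main__":
    nat_out, pat_out, pat = simulate()
    print("dynamic NAT served:", sum(r is not None for r in nat_out), "of", len(nat_out))
    print("PAT served:", len(pat_out), "via", {r[0] for r in pat_out})
    print("mapped port 1030 belongs to", pat.reverse[1030])
```

With PAT every user appears on the Internet as the same address, so the translation log (mapped port plus timestamp) is the only way to tie an outbound connection back to an inside host.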
