PAT/NAT on ASA5520

Unanswered Question
Aug 24th, 2009

Hi-

I've got a setup where for our outgoing internet connections, all users are PAT'd to 1 outside address. I've got a connection that needs to have multiple people use it, and the requirements from the vendor are that the clients need to have individual IPs for each connection. So, what I'm going to ask is: Is it possible to PAT and have an ACL for sites that users will be going to that will have a NAT pool to assign from for those addresses on an ASA5520? I am not able to identify the users because there are many, so was thinking this would be the easiest way to do it.

Any help would be greatly appreciated!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Mon, 08/24/2009 - 12:26

Walter

Assuming client subnet is 192.168.5.0/24 and destination subnet is 172.16.5.0/24 and the NAT pool is 10.5.1.0/24

Internet PAT

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

or something along those lines ie. you will already have something like this in your config.

Policy NAT for this additional connection

access-list PNAT permit ip 192.168.5.0 255.255.255.0 172.16.5.0 255.255.255.0

nat (inside) 2 access-list PNAT

global (outside) 2 10.5.1.1-10.5.1.254

Jon

Actions

This Discussion