How to configure 2 NATs with access-list based on destination port

Unanswered Question
Feb 9th, 2010

Is it possible to configure 2 NATs and have them used based on the destination port of the packets?

I'm currently trying to do this with a Cisco 881.

I can see that I can create 2 access-lists based on source and destination IP, but there is no option for source or destination port:

access-list 1 permit

  • If not possible with the 881, is this possible with the ASA 5505?
  • If that's the case, can the ASA 5505 be configured as one half of a site-to-site VPN with the other side a Cisco 881?

To explain further, we currently have 2 WAN connections:

  • Expensive fiber connection for mission-critical apps (web hosting, mail, accessing customer sites)
  • Cheap DSL connection for web browsing (HTTP+HTTPS)

We're using a Linux machine to route based on destination port. Anything for HTTP or HTTPS goes via the cheap DSL connection and everything else goes via the fiber connection.

spremkumar Thu, 02/11/2010 - 03:49

Can you post a detailed diagram of your requirement with a dummy IP schema attached to it?


tassiliopoulos Thu, 02/11/2010 - 16:43

I'm attaching a diagram showing everything I'm trying to achieve.

I've also included the second network (on the right) that needs a site-to-site VPN between the two routers.

What I need to know at this point is if all this is possible and what devices are best before I actually purchase anything.

Thanks very much

milan.kulik Fri, 02/12/2010 - 06:32


Not sure if I've got your point, but wouldn't using an extended ACL instead of a standard ACL help?
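
The extended-ACL approach suggested above, sketched as an IOS configuration. This is an added example, not part of the thread and not posted by any participant. The addresses (documentation ranges), interface names, ACL numbers, route-map names and next hops are all assumptions, and it presumes an IOS image that supports policy-based routing and route-map NAT.

```cisco
! Added example. All addresses, interfaces and names below are constructed.
! Assumed layout: LAN 192.168.1.0/24 on Vlan1, fiber on FastEthernet4, DSL on Vlan2.

! Extended ACLs (100-199) can match protocol and destination port;
! standard ACLs (1-99) match source address only.
access-list 101 remark LAN web browsing (HTTP + HTTPS)
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 443
access-list 102 remark All LAN traffic eligible for NAT
access-list 102 permit ip 192.168.1.0 0.0.0.255 any

! Policy routing: web traffic is forwarded to the DSL next hop.
! Anything that does not match ACL 101 follows the routing table (fiber).
route-map PBR-WEB permit 10
 match ip address 101
 set ip next-hop 198.51.100.1

! One NAT rule per WAN, selected by the interface the packet leaves on.
route-map NAT-DSL permit 10
 match ip address 102
 match interface Vlan2
route-map NAT-FIBER permit 10
 match ip address 102
 match interface FastEthernet4

ip nat inside source route-map NAT-DSL interface Vlan2 overload
ip nat inside source route-map NAT-FIBER interface FastEthernet4 overload

interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip policy route-map PBR-WEB
interface FastEthernet4
 description Fiber WAN (assumed)
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
interface Vlan2
 description DSL WAN (assumed)
 ip address 198.51.100.2 255.255.255.252
 ip nat outside

! Default route via the fiber next hop for all non-web traffic.
ip route 0.0.0.0 0.0.0.0 203.0.113.1
```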



