global (pat) based on host bit

Unanswered Question
Mar 16th, 2010
User Badges:
  • Gold, 750 points or more

I want to be able to set up multple pats on an asa5550 and want to map groups of hosts to pats based on the host bit.


pat 1, host bits end in 111

pat2, host bits end in 110

pat3, host bits end in 100.

Is there are way to do this on an asa5550 running 8.2.2 ?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Federico Coto F... Tue, 03/16/2010 - 08:04
User Badges:
  • Green, 3000 points or more


You can have multiple PAT rules, but to do the rules based on bit position you need wildcard masks.
The ASA supports only subnet masks.

You cannot map the host bits on subnet masks, so you have two options:

1. Make each PAT rule individually
2. Group the amount of hosts that you can with the corresponding subnet masks



This Discussion