Cisco Support Community

Load-balance PAT of IPs in an object-group

Hi

I have configured a range of 4 public addresses in an object-group and used this object-group in my dynamic NAT statement.

The 4 public IPs are in the same subnet.

Basically it works fine, but the PAT is only sourcing from 1 of the IPs.

Does anyone know what load-balancing method the ASA is using? When will it start sourcing from any of the other 3 IPs?

The firewall is a 5525 running 9.1

1 REPLY
Hi,

To my understanding, it will exhaust all the ports for the first PAT IP address before moving to the next PAT IP address configured in the "object-group".

You could try something like this (naturally the IPs, names of objects and interfaces will be different):

object-group network SOURCE-SUBNETS
 network-object <net1> <mask>
 network-object <net2> <mask>

object-group network PAT-POOL
 network-object host 1.1.1.1
 network-object host 1.1.1.2
 network-object host 1.1.1.3

nat (inside,outside) after-auto source dynamic SOURCE-SUBNETS pat-pool PAT-POOL round-robin

With this, it should, to my understanding, use different PAT addresses in turn when different internal hosts connect using this NAT configuration.

Hope this helps :)

Let me know how it goes.

- Jouni
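
A simplified model of the two allocation behaviours described in the reply above, added here as an example; it is not code from the thread or from Cisco and does not reproduce the ASA's implementation. The port budget, base port, inside host addresses and the per-host stickiness under round-robin are assumptions chosen so the difference is visible in a few connections.

```python
from collections import Counter

POOL = ["1.1.1.1", "1.1.1.2", "1.1.1.3"]  # PAT-POOL hosts from the reply
PORTS_PER_IP = 4   # constructed: tiny port budget so exhaustion is visible
BASE_PORT = 1024   # constructed: first mapped port handed out per address


def allocate(hosts, round_robin=False, pool=POOL, ports_per_ip=PORTS_PER_IP):
    """Return [(inside_host, pat_ip, pat_port)] for each new connection."""
    used = Counter()   # ports consumed per PAT address
    sticky = {}        # inside host -> PAT address (round-robin model only)
    turn = 0           # index of the next pool address to hand out
    result = []
    for host in hosts:
        free = [ip for ip in pool if used[ip] < ports_per_ip]
        if not free:
            raise RuntimeError("PAT pool exhausted")
        if not round_robin:
            ip = free[0]                    # fill the first address first
        elif sticky.get(host) in free:
            ip = sticky[host]               # assumption: host keeps its address
        else:
            while pool[turn % len(pool)] not in free:
                turn += 1                   # skip addresses with no free port
            ip = pool[turn % len(pool)]
            turn += 1
            sticky[host] = ip
        result.append((host, ip, BASE_PORT + used[ip]))
        used[ip] += 1
    return result


def per_address(allocations):
    """Count translations per PAT address, the figure to compare with logs."""
    return dict(Counter(ip for _, ip, _ in allocations))


if __name__ == "__main__":
    # Constructed workload: three inside hosts opening six connections.
    hosts = ["10.0.0.1", "10.0.0.2", "10.0.0.3"] * 2
    print("default    ", per_address(allocate(hosts)))
    print("round-robin", per_address(allocate(hosts, round_robin=True)))
```

In the default model every translation lands on 1.1.1.1 until its ports run out, which matches what the original poster observed; with round-robin the same workload spreads across all three addresses, so log correlation and upstream allow-lists need to account for the whole pool.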
