Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1159
Views
0
Helpful
8
Replies

Multiple PAT address

Muhammed AKYUZ
Level 1
Level 1

‎11-03-2010 04:24 AM - edited ‎03-11-2019 12:03 PM

Hi

Is that possible to make multiple pat addresse on ASA?

Labels:
0 Helpful
8 Replies 8

Collin Clark
VIP Alumni
VIP Alumni

‎11-03-2010 06:50 AM

Yes it is possible.

0 Helpful

Muhammed AKYUZ
Level 1
Level 1
In response to Collin Clark

‎11-03-2010 06:54 AM

what i mean is oveloading on an interface with 2 ip addresses.

do you have any documantation for that?

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to Muhammed AKYUZ

‎11-03-2010 06:58 AM

There are a couple of options. Can you be more specific on what you need to achieve?

0 Helpful

Muhammed AKYUZ
Level 1
Level 1
In response to Collin Clark

‎11-03-2010 07:05 AM

Ok.

we have internet connection. our lan ip addresses are PAT ed on ASA with one ip address. but some of the clients should use another ip adressto reach internet. I want to use another ip address from our internet IP adresses.

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to Muhammed AKYUZ

‎11-03-2010 07:14 AM

OK. You would want to setup to NAT Pools-

global (outside) 1 75.50.95.73

global (outside) 2 75.50.95.77


nat (inside) 1 192.168.1.5

nat (inside) 2 0.0.0.0 0.0.0.0.0

This would NAT the internal IP of 192.168.1.5 to 75.50.95.73 and everyone else on the internal network to 75.50.95.77. If you have more than a few clients with the special NAT, you can use an ACL instead of the host address.

Here is the configuration guide [8.2] on configuring NAT-

http://www.cisco.com/en/US/partner/docs/security/asa/asa82/configuration/guide/nat_staticpat.html

Hope it helps.

0 Helpful

Muhammed AKYUZ
Level 1
Level 1
In response to Collin Clark

‎11-04-2010 12:06 AM

Hi,

The solution that you provided works.

I have another question.

Now, I have one group and will use one nat.

but at global config:

global (INTERNET) 1 192.168.4.244 netmask 255.255.255.0
global (INTERNET) 1 192.168.4.245 netmask 255.255.255.0

The users always use 192.168.4.244.. is that possible to make it ramdom. one user or session 244 another 245...

Thank you.

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to Muhammed AKYUZ

‎11-04-2010 07:17 AM

For that you would need to use a pool and even then it doesn't use a round robin or anything. The first client gets the first IP, second client gets the 2nd IP and so on until all the IP's are used. It will then PAT on that last IP.

0 Helpful

Muhammed AKYUZ
Level 1
Level 1
In response to Collin Clark

‎11-04-2010 09:44 AM

Hi,

Both first and scond ip goes the first IP. >192.168.4.244

PAT Global 192.168.4.244(1308) Local 111.1.1.2(51534)
PAT Global 192.168.4.244(1307) Local 111.1.1.2(50743)
PAT Global 192.168.4.244(1133) Local 111.1.1.2(49473)
PAT Global 192.168.4.244(1306) Local 111.1.1.2(63708)
PAT Global 192.168.4.244(3) Local 111.1.1.2 ICMP id 1
PAT Global 192.168.4.244(1157) Local 111.1.1.10(1060)
PAT Global 192.168.4.244(1156) Local 111.1.1.10(1059)
PAT Global 192.168.4.244(1155) Local 111.1.1.10(1058)
PAT Global 192.168.4.244(1154) Local 111.1.1.10(1057)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card