Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)

NAT configuration assistance on ASA

Is there a way to do NAT to for 3-4 different public address if the source is from a certain source address range. For example, our district haveelementary, middle, high school, and adminstration users, is there a way to NAT address from each of the different group to a different external address (with overload) so that we can utilize the service of Open DNS? If this

deployment can be done this way can someone please assist in this configuration. We have ASA 5520 running 8.02

Thanks

2 REPLIES
Hall of Fame Super Blue

Re: NAT configuration assistance on ASA

lansingschools_ops wrote:

Is there a way to do NAT to for 3-4 different public address if the source is from a certain source address range. For example, our district haveelementary, middle, high school, and adminstration users, is there a way to NAT address from each of the different group to a different external address (with overload) so that we can utilize the service of Open DNS? If this

deployment can be done this way can someone please assist in this configuration. We have ASA 5520 running 8.02

Thanks

Yes

nat (inside)  1 192.168.5.0 255.255.255.0

nat (inside) 1 192.168.6.0 255.255.255.0

nat (inside) 2 192.168.20.0 255.255.255.0

nat (inside) 3 172.16.5.0 255.255.255.0

nat (inside) 4 172.16.10.0 255.255.255.0

global (outside) 1

global (outside) 2

global (outside) 3

global (outside) 4

the index numbers match up so 192.168.20.x users would get natted to ip address_2, 172.16.5.x users to ip address_3 etc..

Jon

Re: NAT configuration assistance on ASA

You can also try policy nat. Define the source networks on an ACL and then apply the ACL to the NAT command, for example:

access-l middle_school permit ip 10.10.1.0 255.255.255.0  any

nat (inside) 1 access-l middle_school

global (outside) 1 

access-l high_school permit ip 10.10.2.0 255.255.255.0 any

nat (inside) 2 access-l middle_school

global (outside) 2 

And so on...

370
Views
0
Helpful
2
Replies
CreatePlease to create content