Using an ASA, v9.1(3), have configured a static NAT rule that uses a network object group as a destination. The NAT rule is used in a VPN configuration. The group has three IPv4 address members. With some preliminary testing via two users, it is noticed that the ASA chooses one of the group IPs as is expected in a seemingly random manner. In other words, all seems to work.
I would like to know *how* the ASA chooses the IP. Is there a round robin algorithm being used? What about statefulness. Sounds like I'm talking about a load balancer I know and it seem a bit much to expect that functionality. I haven't been able to find documentation on this area. Any advice on this is greatly appreciated.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...