[c-nsp] ASA address overloading
Peter Pauly
ppauly at gmail.com
Tue Feb 22 14:40:40 EST 2011
We're moving from PIX's to ASA5550's.
We did a lot of external IP address sharing among several internal networks
like this:
OLD:
global (outside) 100 12.34.56.78
nat (inside) 100 10.99.0.0 255.255.255.0 0 0
nat (inside) 100 10.55.0.0 255.255.0.0 0 0
We have hundreds of internal networks that need to be NAT'ed to a limited
set of outside IP addresses (/24).
On the ASA5550 however:
NEW:
object network alpha-dynamic-nat
subnet 10.99.0.0 255.255.255.0
nat (inside,outside) dynamic 12.34.56.78
object network beta-dynamic-nat
subnet 10.55.0.0 255.255.0.0
nat (inside,outside) dynamic 12.34.56.78
WARNING: Pool (12.34.56.78) overlap with existing pool.
Is it still okay to have multiple internet networks NAT'ed and sharing an
external IP address?
More information about the cisco-nsp
mailing list