Posted by Lars Bonnesen on August 22, 2006, 6:03 am
Is it possible to configure an ASA5520 with ASDM 5.0 to NAT an internal IP address to many external shifting IPs sequentially? That is, have for instance the internal address a.a.a.a make one session through the firewall natting it to b.b.b.b, the next session automatically to c.c.c.c, the next to d.d.d.d (all from a predefined pool)?

Regards, Lars.

Posted by Lutz Donnerhacke on August 22, 2006, 6:10 am
You can nat a single local IP to different global IPs statically depending on the various foreign IPs you are connecting to.

Use "nat ... access-list" for this purpose.

Posted by Lars Bonnesen on August 22, 2006, 3:50 pm
>* Lars Bonnesen wrote:
> You can nat a single local IP to different global IPs statically depending
> on the various foreign IPs you are connecting to.
>
> Use "nat ... access-list" for this purpose.

It should be regardless of connection IP - no policy NAT.

Regards, Lars.

Posted by Walter Roberson on August 22, 2006, 12:02 pm
>Is it possible to configure an ASA5520 with ASDM 5.0 to NAT an internal IP
>address to many external shifting IPs sequentially?
>That is have for instance the internal address a.a.a.a make one session
>through the firewall natting it to b.b.b.b, the next session automatically to
>c.c.c.c, the next to d.d.d.d (all from a predefined pool)?

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/cmd_ref/gh_711.htm#wp1682258

global (mapped_ifc) nat_id {mapped_ip[-mapped_ip] [netmask mask] | interface}

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/cmd_ref/no_711.htm#wp1651008

Dynamic NAT translates a group of real addresses to a pool of mapped addresses that are routable on the destination network. The mapped pool can include fewer addresses than the real group. When a host you want to translate accesses the destination network, the security appliance assigns it an IP address from the mapped pool. The translation is added only when the real host initiates the connection. The translation is in place only for the duration of the connection, and a given user does not keep the same IP address after the translation times out

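A simplified model of the dynamic NAT behaviour in the documentation excerpt above, as an added example that is not part of the original post and is not Cisco code. It shows a translation being created on a host's first connection, reused while it is live, refused when the pool is smaller than the real group, and replaced by a different mapped address after it times out. The class name, the 10.0.0.x and 192.0.2.x sample addresses, the lowest-free allocation order and the 180-second idle timeout are assumptions for illustration.

```python
# Simplified model of dynamic NAT as described in the quoted documentation.
# Assumptions (not from the thread): class/method names, sample addresses,
# lowest-free-address allocation order, and the 180 s idle timeout.
from ipaddress import IPv4Address


class DynamicNatPool:
    def __init__(self, first, last, xlate_timeout=180):
        start, end = int(IPv4Address(first)), int(IPv4Address(last))
        self.free = [IPv4Address(i) for i in range(start, end + 1)]
        self.timeout = xlate_timeout
        self.xlates = {}  # real_ip -> (mapped_ip, last_used)

    def expire(self, now):
        """Return translations that have been idle too long to the pool."""
        for real, (mapped, last_used) in list(self.xlates.items()):
            if now - last_used >= self.timeout:
                del self.xlates[real]
                self.free.append(mapped)

    def connect(self, real_ip, now):
        """Translate an outbound connection; None if the pool is exhausted."""
        self.expire(now)
        if real_ip in self.xlates:
            mapped, _ = self.xlates[real_ip]  # live translation is reused
        elif self.free:
            mapped = self.free.pop(0)         # added only when the host connects
        else:
            return None                       # more real hosts than mapped IPs
        self.xlates[real_ip] = (mapped, now)
        return str(mapped)


def demo():
    pool = DynamicNatPool("192.0.2.1", "192.0.2.2")  # constructed sample pool
    return [
        pool.connect("10.0.0.5", now=0),    # first session creates the xlate
        pool.connect("10.0.0.5", now=10),   # next session: same mapped address
        pool.connect("10.0.0.6", now=20),   # second host takes the next address
        pool.connect("10.0.0.7", now=30),   # pool exhausted -> None
        pool.connect("10.0.0.7", now=200),  # earlier xlates timed out, pool refilled
        pool.connect("10.0.0.5", now=210),  # same host, different address now
    ]


if __name__ == "__main__":
    print(demo())
```
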
Posted by Lars Bonnesen on August 22, 2006, 4:00 pm
> Dynamic NAT translates a group of real addresses to a pool of
> mapped addresses that are routable on the destination network. The
> mapped pool can include fewer addresses than the real group. When a
> host you want to translate accesses the destination network, the
> security appliance assigns it an IP address from the mapped pool.
> The translation is added only when the real host initiates the
> connection. The translation is in place only for the duration of
> the connection, and a given user does not keep the same IP address
> after the translation times out

Ok,

This looks like what I am asking for. I tried to configure dynamic NAT via ASDM (I am not familiar with IOS, but it looks like it's the same according to the links you provided). But... it does not seem to have the intended function.

What I have done is to create one "Global Address Pool" for the external interface. It includes a range of three IP addresses. Then I have created two dynamic NAT entries. The original IP is their local address and the external address is translated to this global address pool.

But what happens is that each internal access gets translated to the same external address. What I would want is that each internal address gets either a sequential or random address from the created global address pool.

What have I done wrong? Is what I am trying to achieve impossible?

Regards, Lars.

On internal IP to many external IPs