MANY to ONE NAT - ASA 5540

  • MANY to ONE NAT - ASA 5540

    Hello Gurus,

    I have 3 ISPs. I will use a Cisco ASA 5540 to translate those 3 public IP addresses of my ISPs to a single public IP address.

    That single public IP address will be used by my servers on the LAN side.

    Is this possible? Many-to-one NAT on an ASA 5540?

    Is there any existing design or setup in here?
    Help would be very welcome.

    regards,
    geeko

  • #2
    Re: MANY to ONE NAT - ASA 5540

    Moved to the Cisco forum for a better response.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    • #3
      Re: MANY to ONE NAT - ASA 5540

      AFAIK it's not possible unless you can set up an external BGP environment.
      However, most of the time, you won't be allowed to set that up by your ISPs, unless you are working for a very large company.

      If I'm right, the following is just a simplified example:

      The problem lies in the routing. Why:
      For example, you have the following situation (quite simplified):

      ISP1: IP 1.1
      ISP2: IP 2.1
      ISP3: IP 3.1

      All connected to the PIX.

      So:
      ISP's
      ----------|
      ----------|PIX ASA|---- web server
      ----------|

      If an external user wants to connect to the website, the packets flow over one of the ISPs (for example ISP1) and go to the web server. The web server will respond to those packets, and unless you are lucky the packets will follow a randomly chosen route, for example ISP2.

      In this case you create some kind of spoofing, which will be dropped by the firewall.
      Marcel