On Thu, 17 May 2012, Peter Rathlev wrote:

> On Thu, 2012-05-17 at 14:36 -0400, Andy Dills wrote:
> > So, in essence, I want to consider source address when determining which
> > server on the private network the traffic is NATed to.
> >
> > Is this possible?
>
> No problem. Take a look at "Configuring Dynamic NAT or Dynamic PAT":
>
> http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_dynamic.html#wp1081940
>
> This is for 8.2 and earlier with the "old" NAT configuration style. With
> version 8.3 or later the commands are different.
>
> Quick example:
>
> ! Policy NAT 20.0.0.0/24 towards 5.5.5.5
> access-list PolicyNAT-example permit ip 20.0.0.0 255.255.255.0 host 5.5.5.5
> nat (inside) 1 access-list PolicyNAT-example
> global (outside) 1 10.0.0.100
> ! Regular NAT everything else
> nat (inside) 2 0.0.0.0 0.0.0.0
> global (outside) 2 10.0.0.200

Yeah, I had looked at that, and it's not quite what I'm trying to
accomplish.

What I want is to take a single public IP and NAT it to two separate
private IPs, based on source address of the incoming request.

As best I can tell policy NAT is used in situations (such as what you
describe above) where you're trying to dynamically control the source of
queries after translation...

Thanks for your input, and for any other suggestions.

Thanks,
Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---
_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
