ASA or not, you'll still have multiple translations active. Looking at an IP level, you can indeed have the same internal IP translated to multiple outside IP addresses. But you have to have SOMETHING make the decision about what things go which way. So, you can use tcp/udp-based rules (as noted where www goes one way or smtp goes another), or you can use a route-map. But something has to make the decision. There is not load-based sharing, or round-robin sharing on any device AFAIK. Scott
_____ From: ZEESHAN SANAULLAH [mailto:[EMAIL PROTECTED] Sent: Friday, April 04, 2008 4:18 AM To: [EMAIL PROTECTED]; [email protected] Subject: RE: [OSL | CCIE_RS] Policy Nat with IPSEC on Router is it possible to do this on ASA . I Think it is ... need confirmation ... what do u have to say about ajay's reply ... regarding nat pool ... ........................................................... If its possible with ASA ..... then ASA is connected at the back of router... we can static nat its outside IP to Public IP .. Will it be able to do Policy Nat over VPNs .... plus the router is also natting ASA Outside IP to a GLobal Static IP . I need ur help guyz ... Thanx Regars Zeeshan _____ From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [email protected] Subject: RE: [OSL | CCIE_RS] Policy Nat with IPSEC on Router Date: Thu, 3 Apr 2008 09:14:56 -0400 You can policy NAT based on different types of traffic (e.g. smtp one direction, www another) but otherwise, I believe you're going to show one active translation at any one point in time. Scott _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ZEESHAN SANAULLAH Sent: Thursday, April 03, 2008 3:32 AM To: [email protected] Subject: [OSL | CCIE_RS] Policy Nat with IPSEC on Router Hello ... Need help regarding the following issue A router is making an ipsec connection to two different routers over internet. Only a singe ip lets say 172.20.18.25 is allowed over vpn Is it possible to nat the ip to two different ips for each vpn Regards Zeeshan _____ More immediate than e-mail? Get instant access with Windows Live Messenger. <http://www.windowslive.com/messenger/overview.html?ocid=TXT_TAGLM_WL_Refres h_instantaccess_042008> _____ More immediate than e-mail? Get instant access with Windows Live Messenger. <http://www.windowslive.com/messenger/overview.html?ocid=TXT_TAGLM_WL_Refres h_instantaccess_042008>
