https://community.cisco.com/t5/network-security/nat-solution/m-p/2887830#M155029 <P>Here I am considering that you want to translate 192,169.1.100-110 range of IP address into 10.20.1.100-110 raneg if IP addresses so that application existing in subnet 10.20.1.0/24 can access network behind ASA-1 as their local network.</P> <P>NAT configuration :-</P> <P>ASA-1&gt;&gt;</P> <P>object network obj-192.168.1.100-110<BR />&nbsp;range 192.168.1.100 192.168.1.110<BR />object network obj-10.20.1.100-110<BR />&nbsp;range 10.20.1.100 10.20.1.110</P> <P>nat (outside,inside) source static any any destination static obj-10.20.1.100-110 obj-192.168.1.100-110</P> <P>ASA-2&gt;&gt;</P> <P>object network obj-10.20.1.100-110<BR />&nbsp;range 10.20.1.100 10.20.1.110<BR />object network obj-192.168.1.100-110<BR />&nbsp;range 192.168.1.100 192.168.1.110</P> <P>nat (inside,outside) source static any any destination static obj-10.20.1.100-110 obj-192.168.1.100-110</P> <P>--------END OF CONFIGURATION----------</P> <P>As per the above natting configuration, application located in ASA-2 network will be able to access 192.168.1.100-110 network located in ASA-1 network through local subnet of 10.20.1.100-110.</P> <P></P> <P></P> Fri, 08 Apr 2016 02:36:51 GMT kkhapeka 2016-04-08T02:36:51Z https://community.cisco.com/t5/network-security/nat-solution/m-p/2887828#M155027 <P>Hi,</P> <P></P> <P>PFA, I need to add inside network 192.168.1.100-110(10 host) &nbsp;of ASA1 into DMZ(10.20.1.100) of ASA2 for application.&nbsp;</P> <P>is it possible to achieve it using NAT on ASA1 firewall.</P> <P></P> <P>Please help me to write NAT configuration on firewall.</P> Tue, 12 Mar 2019 07:35:26 GMT https://community.cisco.com/t5/network-security/nat-solution/m-p/2887828#M155027 mynetwork014 2019-03-12T07:35:26Z https://community.cisco.com/t5/network-security/nat-solution/m-p/2887829#M155028 <P>Hello...</P> <P>ASA1 should first know how to get into DMZ network behind ASA2. If you already have this routing properly, and want your source to keep as original, you can use twice NAT as follows:</P> <P></P> <P>ASA1 config</P> <P>object-group network obj_192.168.1.100-110</P> <P>&nbsp;network-object host 192.168.1.100</P> <P>... (add all hosts on the range you want)</P> <P>&nbsp;network-object host 192.168.1.110</P> <P>!</P> <P>object network obj_10.20.1.100_DMZ</P> <P>&nbsp;host 10.20.1.100</P> <P>!</P> <P>nat (inside,outside) source static obj_192.168.1.100-110 obj_192.168.1.100-110 destination static obj_10.20.1.100_DMZ obj_10.20.1.100_DMZ</P> <P></P> <P>ASA2 config:</P> <P></P> <P>object-group network obj_192.168.1.100-110</P> <P>&nbsp;network-object host 192.168.1.100</P> <P>... (add all hosts on the range you want)</P> <P>&nbsp;network-object host 192.168.1.110</P> <P>!</P> <P>object network obj_10.20.1.100_DMZ</P> <P>&nbsp;host 10.20.1.100</P> <P>!</P> <P>nat (inside,DMZ) source static obj_192.168.1.100-110 obj_192.168.1.100-110 destination static obj_10.20.1.100_DMZ obj_10.20.1.100_DMZ</P> <P></P> <P>Let me know if it helps. If needed, attach your configs.</P> <P></P> <P>Cheers!</P> <P></P> <P></P> Wed, 06 Apr 2016 21:10:18 GMT https://community.cisco.com/t5/network-security/nat-solution/m-p/2887829#M155028 Sergio Ceron Ramirez 2016-04-06T21:10:18Z https://community.cisco.com/t5/network-security/nat-solution/m-p/2887830#M155029 <P>Here I am considering that you want to translate 192,169.1.100-110 range of IP address into 10.20.1.100-110 raneg if IP addresses so that application existing in subnet 10.20.1.0/24 can access network behind ASA-1 as their local network.</P> <P>NAT configuration :-</P> <P>ASA-1&gt;&gt;</P> <P>object network obj-192.168.1.100-110<BR />&nbsp;range 192.168.1.100 192.168.1.110<BR />object network obj-10.20.1.100-110<BR />&nbsp;range 10.20.1.100 10.20.1.110</P> <P>nat (outside,inside) source static any any destination static obj-10.20.1.100-110 obj-192.168.1.100-110</P> <P>ASA-2&gt;&gt;</P> <P>object network obj-10.20.1.100-110<BR />&nbsp;range 10.20.1.100 10.20.1.110<BR />object network obj-192.168.1.100-110<BR />&nbsp;range 192.168.1.100 192.168.1.110</P> <P>nat (inside,outside) source static any any destination static obj-10.20.1.100-110 obj-192.168.1.100-110</P> <P>--------END OF CONFIGURATION----------</P> <P>As per the above natting configuration, application located in ASA-2 network will be able to access 192.168.1.100-110 network located in ASA-1 network through local subnet of 10.20.1.100-110.</P> <P></P> <P></P> Fri, 08 Apr 2016 02:36:51 GMT https://community.cisco.com/t5/network-security/nat-solution/m-p/2887830#M155029 kkhapeka 2016-04-08T02:36:51Z https://community.cisco.com/t5/network-security/nat-solution/m-p/2887831#M155030 <P>Thanks for explanation.</P> <P></P> <P>I will inform you once i do with this configuration.</P> Sat, 09 Apr 2016 19:39:45 GMT https://community.cisco.com/t5/network-security/nat-solution/m-p/2887831#M155030 mynetwork014 2016-04-09T19:39:45Z https://community.cisco.com/t5/network-security/nat-solution/m-p/2887832#M155031 <P>Did you get it working?</P> Wed, 18 May 2016 19:07:34 GMT https://community.cisco.com/t5/network-security/nat-solution/m-p/2887832#M155031 Sergio Ceron Ramirez 2016-05-18T19:07:34Z