https://community.cisco.com/t5/network-security/multiple-static-source-nats-to-multiple-static-destination-nats/m-p/2591438#M203492 <P>Hi,</P><P>I think the only other possible way to reduce the NAT statements would be to use the object groups in the NAT statements.</P><P>Object-group network source</P><P>object src1</P><P>object src2</P><P>object src3</P><P>Object-group network destination</P><P>object dest1</P><P>object dest2</P><P>object dest3</P><P><EM><STRONG>nat (inside,outside) source static source source-translated destination static destination-translated destination</STRONG></EM></P><P>Thanks and Regards,</P><P>Vibhor Amrodia</P> Sat, 22 Nov 2014 09:26:40 GMT Vibhor Amrodia 2014-11-22T09:26:40Z https://community.cisco.com/t5/network-security/multiple-static-source-nats-to-multiple-static-destination-nats/m-p/2591436#M203490 <P>I have been presented with a NAT scenario that I'm trying to work though, basically it is a src and dst nat like so:</P><P><EM><STRONG>nat (inside,outside) source static src1-original src1-translated destination static dst1-original dst1-translated</STRONG></EM></P><P>&nbsp;</P><P>The twist is there are a large number of (random) source nats, over 100 of them, so it then looks like so:</P><P><EM><STRONG>nat (inside,outside) source static src1-original src1-translated destination static dst1-original dst1-translated</STRONG></EM></P><P><EM><STRONG>nat (inside,outside) source static src2-original src2-translated destination static dst1-original dst1-translated</STRONG></EM></P><P><EM><STRONG>nat (inside,outside) source static src3-original src3-translated destination static dst1-original dst1-translated</STRONG></EM></P><P>&nbsp;</P><P>Now the plot thickens... they also have 100+ random dst NATs we need to account for... for an example of 3 servers on each side, that's 9 lines of nat:</P><P><EM><STRONG>nat (inside,outside) source static src1-original src1-translated destination static dst1-original dst1-translated</STRONG></EM></P><P><EM><STRONG>nat (inside,outside) source static src2-original src2-translated destination static dst1-original dst1-translated</STRONG></EM></P><P><EM><STRONG>nat (inside,outside) source static src3-original src3-translated destination static dst1-original dst1-translated</STRONG></EM></P><P><EM><STRONG>nat (inside,outside) source static src1-original src1-translated destination static dst2-original dst2-translated</STRONG></EM></P><P><EM><STRONG>nat (inside,outside) source static src2-original src2-translated destination static dst2-original dst2-translated</STRONG></EM></P><P><EM><STRONG>nat (inside,outside) source static src3-original src3-translated destination static dst2-original dst2-translated</STRONG></EM></P><P><EM><STRONG>nat (inside,outside) source static src1-original src1-translated destination static dst3-original dst3-translated</STRONG></EM></P><P><EM><STRONG>nat (inside,outside) source static src2-original src2-translated destination static dst3-original dst3-translated</STRONG></EM></P><P><EM><STRONG>nat (inside,outside) source static src3-original src3-translated destination static dst3-original dst3-translated</STRONG></EM></P><P>&nbsp;</P><P>If we get up to 100 servers on each side, a static mesh of these NATs gets up to 10000 lines of NAT. Eeek! I've been trying to lab out other ways to do this more effectively but am stumped. Is there a better way to go about this?</P><P>&nbsp;</P><P>Thanks!</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 12 Mar 2019 05:07:25 GMT https://community.cisco.com/t5/network-security/multiple-static-source-nats-to-multiple-static-destination-nats/m-p/2591436#M203490 parsonsproject1 2019-03-12T05:07:25Z https://community.cisco.com/t5/network-security/multiple-static-source-nats-to-multiple-static-destination-nats/m-p/2591437#M203491 <P>If I can have it evaluate&nbsp;NAT two different times&nbsp;that could help reduce it to 200 lines if there are 100 servers on each side.&nbsp;The first pass-through does the src translation:</P><P style="font-size: 14px;"><EM><STRONG>nat (inside,outside) source static src1-original src1-translated destination static dst-subnet-original dst-subnet-original</STRONG></EM></P><P style="font-size: 14px;"><EM style="font-size: 14px;"><STRONG>nat (inside,outside) source static src2-original src2-translated destination static dst-subnet-original dst-subnet-original</STRONG></EM></P><P style="font-size: 14px;"><EM style="font-size: 14px;"><STRONG>nat (inside,outside) source static src3-original src3-translated destination static dst-subnet-original dst-subnet-original</STRONG></EM></P><P style="font-size: 14px;">&nbsp;</P><P>After the source is translated then the second pass-through&nbsp;evaluates does the&nbsp;dst translation:</P><P style="font-size: 14px;"><EM><STRONG>nat (inside,outside) source static </STRONG></EM><EM style="font-size: 14px;"><STRONG>src-subnet-translated</STRONG></EM><EM><STRONG>&nbsp;</STRONG></EM><EM style="font-size: 14px;"><STRONG>src-subnet-translated&nbsp;</STRONG></EM><EM><STRONG>destination static </STRONG></EM><EM style="font-size: 14px;"><STRONG>dst1-original dst1-translated</STRONG></EM></P><P style="font-size: 14px;"><EM><STRONG>nat (inside,outside) source static </STRONG></EM><EM style="font-size: 14px;"><STRONG>src-subnet-translated</STRONG></EM><EM style="font-size: 14px;"><STRONG>&nbsp;</STRONG></EM><EM style="font-size: 14px;"><STRONG>src-subnet-translated</STRONG></EM><EM><STRONG> destination static </STRONG></EM><EM style="font-size: 14px;"><STRONG>dst2-original dst2-translated</STRONG></EM></P><P style="font-size: 14px;"><EM><STRONG>nat (inside,outside) source static </STRONG></EM><EM style="font-size: 14px;"><STRONG>src-subnet-translated</STRONG></EM><EM style="font-size: 14px;"><STRONG>&nbsp;</STRONG></EM><EM style="font-size: 14px;"><STRONG>src-subnet-translated</STRONG></EM><EM><STRONG> destination static </STRONG></EM><EM style="font-size: 14px;"><STRONG>dst3-original dst3-translated</STRONG></EM></P> Fri, 21 Nov 2014 22:43:02 GMT https://community.cisco.com/t5/network-security/multiple-static-source-nats-to-multiple-static-destination-nats/m-p/2591437#M203491 parsonsproject1 2014-11-21T22:43:02Z https://community.cisco.com/t5/network-security/multiple-static-source-nats-to-multiple-static-destination-nats/m-p/2591438#M203492 <P>Hi,</P><P>I think the only other possible way to reduce the NAT statements would be to use the object groups in the NAT statements.</P><P>Object-group network source</P><P>object src1</P><P>object src2</P><P>object src3</P><P>Object-group network destination</P><P>object dest1</P><P>object dest2</P><P>object dest3</P><P><EM><STRONG>nat (inside,outside) source static source source-translated destination static destination-translated destination</STRONG></EM></P><P>Thanks and Regards,</P><P>Vibhor Amrodia</P> Sat, 22 Nov 2014 09:26:40 GMT https://community.cisco.com/t5/network-security/multiple-static-source-nats-to-multiple-static-destination-nats/m-p/2591438#M203492 Vibhor Amrodia 2014-11-22T09:26:40Z https://community.cisco.com/t5/network-security/multiple-static-source-nats-to-multiple-static-destination-nats/m-p/2591439#M203493 <P>Thank you Vibhor that worked as expected during my testing!&nbsp;Using object-groups if it finds a match on let's say line 43 of the original source, it will go to line 43 for the translated-source object-group. So as long as the original source and translated source line up on the same lines between the two object groups, that works!</P><P>&nbsp;</P><P>Thanks again!</P> Mon, 24 Nov 2014 16:05:21 GMT https://community.cisco.com/t5/network-security/multiple-static-source-nats-to-multiple-static-destination-nats/m-p/2591439#M203493 parsonsproject1 2014-11-24T16:05:21Z