https://community.cisco.com/t5/network-security/configuring-dyn-nat-on-different-subnet-than-the-outside-network/m-p/1908452#M437746 <HTML><HEAD></HEAD><BODY><P>There is no issue. The ISP should route all the packets to the new public IP to the ASA's outside IP.</P><P>You have to split the groups that will be nat-ed.</P><P></P><P></P><P>Dan</P></BODY></HTML> Thu, 03 May 2012 18:02:56 GMT Dan-Ciprian Cicioiu 2012-05-03T18:02:56Z https://community.cisco.com/t5/network-security/configuring-dyn-nat-on-different-subnet-than-the-outside-network/m-p/1908451#M437745 <P>Hi All</P><P></P><P>We have to add some nating configuration to the ones that we already have.</P><P></P><P>Actually we nat all the inside traffic from our ASA 5520 to the outside public IP.</P><P></P><P>We recently add a new public IP network from our ISP.&nbsp; We want to nat a specific inside subnet to an IP from that new public IP network.</P><P></P><P>We add a new network object rules for our inside subnet we wanted to nat from</P><P></P><P>We also add our nat instance into the same object group : nat (inside,outside) dynamic [Public IP Address]</P><P></P><P>Is there any other configuration we should add to make it works.</P><P></P><P>Note : we compare with another ASA 5520 we have and everything seems to be the same except that the public IP address is on the same subnet.</P><P></P><P>We also look at the ASA next hop, to make sure the packet are routed to the new public IP network.&nbsp; Everything seems to be ok too !</P> Mon, 11 Mar 2019 23:01:52 GMT https://community.cisco.com/t5/network-security/configuring-dyn-nat-on-different-subnet-than-the-outside-network/m-p/1908451#M437745 netadmincsm 2019-03-11T23:01:52Z https://community.cisco.com/t5/network-security/configuring-dyn-nat-on-different-subnet-than-the-outside-network/m-p/1908452#M437746 <HTML><HEAD></HEAD><BODY><P>There is no issue. The ISP should route all the packets to the new public IP to the ASA's outside IP.</P><P>You have to split the groups that will be nat-ed.</P><P></P><P></P><P>Dan</P></BODY></HTML> Thu, 03 May 2012 18:02:56 GMT https://community.cisco.com/t5/network-security/configuring-dyn-nat-on-different-subnet-than-the-outside-network/m-p/1908452#M437746 Dan-Ciprian Cicioiu 2012-05-03T18:02:56Z https://community.cisco.com/t5/network-security/configuring-dyn-nat-on-different-subnet-than-the-outside-network/m-p/1908453#M437747 <HTML><HEAD></HEAD><BODY><P>Is there a specific ACL that I need to open ?</P><P></P><P>Thank you very much.</P></BODY></HTML> Thu, 03 May 2012 18:38:05 GMT https://community.cisco.com/t5/network-security/configuring-dyn-nat-on-different-subnet-than-the-outside-network/m-p/1908453#M437747 netadmincsm 2012-05-03T18:38:05Z https://community.cisco.com/t5/network-security/configuring-dyn-nat-on-different-subnet-than-the-outside-network/m-p/1908454#M437748 <HTML><HEAD></HEAD><BODY><P>My understanding is that the ASA is used for internet access - this means the traffic is initialized on inside and going to outside. Your ASA is already configured for this - meaning that all the required inside hosts are allowed to access-l the internet - the nat will make different translations based on your rules. </P><P></P><P>If you configured the new nat rule on the same object-group , I do belive that the old one was overwritten. Can you check that ?</P><P></P><P></P><P></P><P>Dan</P></BODY></HTML> Thu, 03 May 2012 18:48:00 GMT https://community.cisco.com/t5/network-security/configuring-dyn-nat-on-different-subnet-than-the-outside-network/m-p/1908454#M437748 Dan-Ciprian Cicioiu 2012-05-03T18:48:00Z https://community.cisco.com/t5/network-security/configuring-dyn-nat-on-different-subnet-than-the-outside-network/m-p/1908455#M437749 <HTML><HEAD></HEAD><BODY><P>Sorry for the delay.&nbsp; It's been very busy around here!</P><P></P><P>Yes the old one is overwritten.</P></BODY></HTML> Wed, 09 May 2012 18:54:33 GMT https://community.cisco.com/t5/network-security/configuring-dyn-nat-on-different-subnet-than-the-outside-network/m-p/1908455#M437749 netadmincsm 2012-05-09T18:54:33Z