topic Regular Dynamic PAT statements in ASA 8.3. in Network Security https://community.cisco.com/t5/network-security/regular-dynamic-pat-statements-in-asa-8-3/m-p/1855076#M459107 <HTML><HEAD></HEAD><BODY><P>object network INSIDE_10.6</P><P>nat (inside,outside) dynamic PAT</P><P>object network INSIDE_192.168</P><P>nat (inside,outside) dynamic PAT&nbsp;&nbsp;&nbsp; </P><P></P><P>use the ingress and egress interface name instead of any any or atleast define the name of the ingress interface.</P><P></P><P>now if you only define the name of the ingress interface any traffic that is coming from the specified source will follow this nat rule for going out all the interface.</P><P></P><P>best way to do it is to specifiy the ingress and egress both the interfaces in the nat rule.</P><P></P><P>now to your second question you can use the same public IP object group (PAT) for both inside networks.</P><P></P><P>also configure the routes accordingly.</P></BODY></HTML> Mon, 20 Feb 2012 14:53:42 GMT Amit Rai 2012-02-20T14:53:42Z Regular Dynamic PAT statements in ASA 8.3. https://community.cisco.com/t5/network-security/regular-dynamic-pat-statements-in-asa-8-3/m-p/1855075#M459104 <P>Hello,</P><P></P><P></P><P>Could you please verify this configuration:</P><P></P><P>I have 2 inside networks:</P><P></P><P>object network INSIDE_10.6</P><P>subnet 10.6.0.0 255.255.0.0</P><P></P><P>object network INSIDE_192.168</P><P>subnet 192.168.0.0 255.255.255.0</P><P></P><P>I grouped these 2 into 1 object-group:</P><P></P><P>object-group network INSIDE</P><P>network-object object INSIDE_10.6</P><P>network-object object INSIDE_192.168</P><P></P><P></P><P>Public IP address used for PAT:</P><P></P><P>object network PAT</P><P>host 152.x.x.x</P><P></P><P>I used the following statement to create Dynamic PAT to public IP address:</P><P></P><P>object network INSIDE_10.6</P><P>nat (any,any) dynamic PAT</P><P>object network INSIDE_192.168</P><P>nat (any,any) dynamic PAT&nbsp;&nbsp;&nbsp; </P><P></P><P>Is that correct?</P><P>Also I'm using one public address to PAT both inside networks. Is there any advantage of using 2 different ones, so each inside network would be PAT to its own address?</P><P></P><P>Thanks,</P><P></P><P>forman&nbsp; </P> Mon, 11 Mar 2019 22:32:30 GMT https://community.cisco.com/t5/network-security/regular-dynamic-pat-statements-in-asa-8-3/m-p/1855075#M459104 forman102 2019-03-11T22:32:30Z Regular Dynamic PAT statements in ASA 8.3. https://community.cisco.com/t5/network-security/regular-dynamic-pat-statements-in-asa-8-3/m-p/1855076#M459107 <HTML><HEAD></HEAD><BODY><P>object network INSIDE_10.6</P><P>nat (inside,outside) dynamic PAT</P><P>object network INSIDE_192.168</P><P>nat (inside,outside) dynamic PAT&nbsp;&nbsp;&nbsp; </P><P></P><P>use the ingress and egress interface name instead of any any or atleast define the name of the ingress interface.</P><P></P><P>now if you only define the name of the ingress interface any traffic that is coming from the specified source will follow this nat rule for going out all the interface.</P><P></P><P>best way to do it is to specifiy the ingress and egress both the interfaces in the nat rule.</P><P></P><P>now to your second question you can use the same public IP object group (PAT) for both inside networks.</P><P></P><P>also configure the routes accordingly.</P></BODY></HTML> Mon, 20 Feb 2012 14:53:42 GMT https://community.cisco.com/t5/network-security/regular-dynamic-pat-statements-in-asa-8-3/m-p/1855076#M459107 Amit Rai 2012-02-20T14:53:42Z