https://community.cisco.com/t5/network-security/asa-8-3-static-nat-and-acl/m-p/1714253#M556319 <HTML><HEAD></HEAD><BODY><P>Ian,</P><P></P><P>You are absolutely correct, you don't wanna keep any redundant configuration on your device. You can use the same object for your ACL as well.</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Sat, 07 May 2011 11:02:04 GMT varrao 2011-05-07T11:02:04Z https://community.cisco.com/t5/network-security/asa-8-3-static-nat-and-acl/m-p/1714252#M556316 <P>Hi,</P><P></P><P>Based on the network object below, I am looking for confirmation that It is good practice to use this natted object in my ACL applied incoming to the inside interface rather than have another object specifically for the object My_PC.</P><P></P><P>I have tested and it does work, however this is my preffered option rather than having to create 2 objects, for the host and also the natted host.</P><P></P><P>ASA(config)# object network My_PC<BR />ASA(config-network-object)# host 192.168.33.2<BR />ASA(config-network-object)# nat (inside,outside) static 209.165.201.2</P><P></P><P>thanks</P><P></P><P>Ian.</P> Mon, 11 Mar 2019 20:30:29 GMT https://community.cisco.com/t5/network-security/asa-8-3-static-nat-and-acl/m-p/1714252#M556316 iwearing 2019-03-11T20:30:29Z https://community.cisco.com/t5/network-security/asa-8-3-static-nat-and-acl/m-p/1714253#M556319 <HTML><HEAD></HEAD><BODY><P>Ian,</P><P></P><P>You are absolutely correct, you don't wanna keep any redundant configuration on your device. You can use the same object for your ACL as well.</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Sat, 07 May 2011 11:02:04 GMT https://community.cisco.com/t5/network-security/asa-8-3-static-nat-and-acl/m-p/1714253#M556319 varrao 2011-05-07T11:02:04Z https://community.cisco.com/t5/network-security/asa-8-3-static-nat-and-acl/m-p/1714254#M556322 <HTML><HEAD></HEAD><BODY><P>Varun,</P><P></P><P>Thanks for your confirmation.</P><P></P><P>If I wanted to nat the same host to another interface is the config below valid where I would have 2 nats for the object My_PC</P><P></P><P>ASA(config)# object network My_PC<BR />ASA(config-network-object)# host 192.168.33.2<BR />ASA(config-network-object)# nat (inside,outside) static 209.165.201.2</P><P>ASA(config-network-object)# nat (inside,dmz) static 172.16.100.100</P><P></P><P></P><P>thanks</P><P></P><P>Ian.</P></BODY></HTML> Sun, 08 May 2011 08:27:46 GMT https://community.cisco.com/t5/network-security/asa-8-3-static-nat-and-acl/m-p/1714254#M556322 iwearing 2011-05-08T08:27:46Z https://community.cisco.com/t5/network-security/asa-8-3-static-nat-and-acl/m-p/1714255#M556324 <HTML><HEAD></HEAD><BODY><P>Ian,</P><P></P><P>Yes you can create two nats but for different interafaces. The configuration is good and it should definitely work.</P><P>Similarly you can also create the below NAT configuration as well, its just the same but its called Manual NAT or twice nat.</P><P></P><P>ASA(config)# object network My_PC<BR />ASA(config-network-object)# host 192.168.33.2</P><P>ASA(config)#object network Public_IP</P><P>ASA(config-network-object)# host 209.165.201.2</P><P>ASA(config)# object network Remote_PC</P><P>ASA(config-network-object)# host 172.16.100.100</P><P></P><P>nat (inside,outside) source static My_PC Public_IP</P><P>nat (inside,dmz) source static&nbsp; My_PC&nbsp; Remote_PC</P><P></P><P>or</P><P></P><P></P><P>nat (outside,inside) source static any any destination static Public_IP My_PC</P><P>nat (dmz,inside) source static any any destination static Remote_PC My_PC</P><P></P><P>All the above configuration and the one that you have done are exactly same logically and hold true, but I just prefer it because in the context of a packet processing, manual nat is given preference over auto nat or object nat, so if there are some critical servers or application I usuall do Manual nat for them.</P><P>Otherwise you can go for anything that you are comfortable with.</P><P></P><P>Hope this helps.</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Sun, 08 May 2011 15:47:16 GMT https://community.cisco.com/t5/network-security/asa-8-3-static-nat-and-acl/m-p/1714255#M556324 varrao 2011-05-08T15:47:16Z https://community.cisco.com/t5/network-security/asa-8-3-static-nat-and-acl/m-p/1714256#M556327 <HTML><HEAD></HEAD><BODY><P>Varun,</P><P></P><P>Thansk for the detailed response. Much appreciated.</P><P></P><P>Ian.</P></BODY></HTML> Tue, 10 May 2011 13:11:27 GMT https://community.cisco.com/t5/network-security/asa-8-3-static-nat-and-acl/m-p/1714256#M556327 iwearing 2011-05-10T13:11:27Z https://community.cisco.com/t5/network-security/asa-8-3-static-nat-and-acl/m-p/1714257#M556329 <HTML><HEAD></HEAD><BODY><P>Not a problem, you can message me on this thread if you face any issues with the configuration <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN></P><P></P><P>Cheers,</P><P>Varun</P></BODY></HTML> Tue, 10 May 2011 13:17:50 GMT https://community.cisco.com/t5/network-security/asa-8-3-static-nat-and-acl/m-p/1714257#M556329 varrao 2011-05-10T13:17:50Z