topic Help with NAT Problem from using ASDM software in Network Security https://community.cisco.com/t5/network-security/help-with-nat-problem-from-using-asdm-software/m-p/1543735#M579052 <P>Hi,</P><P></P><P>Please could somone help me with a NAT issue. What I would like to do is NAT a device which sits within the F5_LTM interface (10.224.192.0/20).</P><P>I need to NAT the source address of 10.224.200.8 to 10.224.192.12 when it hits the inside interface.</P><P>I made a change using the asdm software to add the following NAT.</P><P></P><P>static (F5_LTM_SBS,SBS_Inside) 10.224.200.8 10.224.192.12 netmask 255.255.255.255</P><P></P><P>As the NAT above was added below the network NAT statement (below) I moved it above this as I thought it would need to hit this first like an access-list. When I did this it prevented traffic from the inside accessing 10.224.192.0/20 network.&nbsp; </P><P></P><P>static (F5_LTM_SBS,SBS_Inside) 10.224.192.0 10.224.192.0 netmask 255.255.240.0</P><P></P><P>interface GigabitEthernet1/2<BR /> nameif F5_LTM</P><P> security-level 50<BR /> ip address 10.224.192.255 255.255.240.0</P><P></P><P>interface GigabitEthernet0/1<BR /> nameif Inside<BR /> security-level 100</P><P> ip address 10.224.1.2 255.255.255.240</P><P></P><P>Can anyone advice if what I'm trying to achive is possible? Was I correct in trying to move the specific NAT above the less specfic NAT and if so how can I do this on the command line. I think using the ASDM has made additional changes I waasn't aware of.</P><P></P><P>What do people think of using the ASDM software?</P><P></P><P>Thanks</P> Wed, 13 Mar 2019 01:01:20 GMT darrenriley5 2019-03-13T01:01:20Z Help with NAT Problem from using ASDM software https://community.cisco.com/t5/network-security/help-with-nat-problem-from-using-asdm-software/m-p/1543735#M579052 <P>Hi,</P><P></P><P>Please could somone help me with a NAT issue. What I would like to do is NAT a device which sits within the F5_LTM interface (10.224.192.0/20).</P><P>I need to NAT the source address of 10.224.200.8 to 10.224.192.12 when it hits the inside interface.</P><P>I made a change using the asdm software to add the following NAT.</P><P></P><P>static (F5_LTM_SBS,SBS_Inside) 10.224.200.8 10.224.192.12 netmask 255.255.255.255</P><P></P><P>As the NAT above was added below the network NAT statement (below) I moved it above this as I thought it would need to hit this first like an access-list. When I did this it prevented traffic from the inside accessing 10.224.192.0/20 network.&nbsp; </P><P></P><P>static (F5_LTM_SBS,SBS_Inside) 10.224.192.0 10.224.192.0 netmask 255.255.240.0</P><P></P><P>interface GigabitEthernet1/2<BR /> nameif F5_LTM</P><P> security-level 50<BR /> ip address 10.224.192.255 255.255.240.0</P><P></P><P>interface GigabitEthernet0/1<BR /> nameif Inside<BR /> security-level 100</P><P> ip address 10.224.1.2 255.255.255.240</P><P></P><P>Can anyone advice if what I'm trying to achive is possible? Was I correct in trying to move the specific NAT above the less specfic NAT and if so how can I do this on the command line. I think using the ASDM has made additional changes I waasn't aware of.</P><P></P><P>What do people think of using the ASDM software?</P><P></P><P>Thanks</P> Wed, 13 Mar 2019 01:01:20 GMT https://community.cisco.com/t5/network-security/help-with-nat-problem-from-using-asdm-software/m-p/1543735#M579052 darrenriley5 2019-03-13T01:01:20Z Re: Help with NAT Problem from using ASDM software https://community.cisco.com/t5/network-security/help-with-nat-problem-from-using-asdm-software/m-p/1543736#M579054 <HTML><HEAD></HEAD><BODY><P>ASDM is pretty useful for most people. It is worth doing a sanity check for commands it pushes, but users are mostly satified.</P><P></P><P>As for your nat, if you have 2 statics that conflict (include same ip addresses), then you would need to match the first one and the secnd will not take effect. So what you saw there probably makes sense.</P><P></P><P>Notice though that if</P><P></P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote">static (F5_LTM_SBS,SBS_Inside) 10.224.200.8 10.224.192.12 netmask 255.255.255.255</PRE><P></P><P>is above</P><P></P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote">static (F5_LTM_SBS,SBS_Inside) 10.224.192.0 10.224.192.0 netmask 255.255.240.0</PRE><P></P><P></P><P>then the user 10.224.192.12 will not be translated to itseld when going to SBS_Inside.</P><P></P><P>I hope it helps.</P><P></P><P>PK</P></BODY></HTML> Tue, 30 Nov 2010 17:35:19 GMT https://community.cisco.com/t5/network-security/help-with-nat-problem-from-using-asdm-software/m-p/1543736#M579054 Panos Kampanakis 2010-11-30T17:35:19Z