https://community.cisco.com/t5/network-security/pat-config-post-8-2/m-p/3798555#M7098 <P>Hi<BR /><BR />You used nat command with source static which is wrong because you want to do PAT.<BR /><BR />The config should be:<BR /><BR />nat (inside,outside) after-auto source dynamic PAT_ONE interface<BR />nat (inside,outside) <SPAN>after-auto </SPAN>source dynamic PAT_TWO PUB_TWO<BR /><BR />If you want to validate the config you converted, you can use these tools:<BR />- Cisco tool: <A href="https://fwm.cisco.com/auth.do" target="_blank">https://fwm.cisco.com/auth.do</A><BR />- Tunnelsup tool: <A href="https://www.tunnelsup.com/nat-converter/" target="_blank">https://www.tunnelsup.com/nat-converter/</A></P> Sun, 10 Feb 2019 02:47:37 GMT Francesco Molino 2019-02-10T02:47:37Z https://community.cisco.com/t5/network-security/pat-config-post-8-2/m-p/3798549#M7094 <P>Hi All!</P> <P>So I have avoided the new form of NAT config for as long as I can. I downgraded my ASA 5585-X to 8.2 to avoid it. But now I must get it up to the latest code. I have been searching, but to no avail, how to handle the PAT in this new form.</P> <P>My current config of course has</P> <PRE>global (outside) 1 interface global (outside) 2 x.x.x.x</PRE> <P>The new base config after loading ASA 9.10 has this</P> <PRE>object network obj_any nat (any,outside) dynamic interface </PRE> <P>Is this the new PAT config? How would I handle multiple PATs? I would assume creating object-groups with the networks I want to use in each pat?</P> <PRE>object network obj_pub_2 1.1.1.1 object network ten subnet 10.0.0.0 255.255.255.0 object network one subnet 10.1.0.0 255.255.255.0 object network two subnet 10.2.0.0 255.255.255.0 object network three subnet 10.3.0.0 255.255.255.0 object-group network PAT_ONE network-object object ten network-object object one object-group PAT_TWO network-object object two network-object object three object-group PUB_TWO network-object object obj_pub_2 ! nat (inside,outside) after-auto source static PAT_ONE interface nat (inside,outside) after-auto source static PAT_TWO PUB_TWO </PRE> <P>Am I on the right track here?</P> Fri, 21 Feb 2020 16:47:40 GMT https://community.cisco.com/t5/network-security/pat-config-post-8-2/m-p/3798549#M7094 cyoung1981 2020-02-21T16:47:40Z https://community.cisco.com/t5/network-security/pat-config-post-8-2/m-p/3798555#M7098 <P>Hi<BR /><BR />You used nat command with source static which is wrong because you want to do PAT.<BR /><BR />The config should be:<BR /><BR />nat (inside,outside) after-auto source dynamic PAT_ONE interface<BR />nat (inside,outside) <SPAN>after-auto </SPAN>source dynamic PAT_TWO PUB_TWO<BR /><BR />If you want to validate the config you converted, you can use these tools:<BR />- Cisco tool: <A href="https://fwm.cisco.com/auth.do" target="_blank">https://fwm.cisco.com/auth.do</A><BR />- Tunnelsup tool: <A href="https://www.tunnelsup.com/nat-converter/" target="_blank">https://www.tunnelsup.com/nat-converter/</A></P> Sun, 10 Feb 2019 02:47:37 GMT https://community.cisco.com/t5/network-security/pat-config-post-8-2/m-p/3798555#M7098 Francesco Molino 2019-02-10T02:47:37Z https://community.cisco.com/t5/network-security/pat-config-post-8-2/m-p/3798557#M7100 <P>Thanks so much! Everything else looks correct?</P> Sun, 10 Feb 2019 02:50:02 GMT https://community.cisco.com/t5/network-security/pat-config-post-8-2/m-p/3798557#M7100 cyoung1981 2019-02-10T02:50:02Z https://community.cisco.com/t5/network-security/pat-config-post-8-2/m-p/3798558#M7103 Objects yes.<BR /><BR />Just a remark regarding the following nat:<BR />object network obj_any<BR /> nat (any,outside) dynamic interface<BR /><BR />Avoid using any and replace it with the real interface name. Sun, 10 Feb 2019 02:52:05 GMT https://community.cisco.com/t5/network-security/pat-config-post-8-2/m-p/3798558#M7103 Francesco Molino 2019-02-10T02:52:05Z