https://community.cisco.com/t5/network-security/nat-question/m-p/1225286#M835563 <P>I have a general NAT question I hope you can help us with. We are converting from a large public ip address block (no NAT whatsoever) into a private address space using a combination of NAT / PAT, etc.</P><P></P><P>I think the ASA can do this without issue (version 8.04), but want to verify. On the Outside interface I have a completely different subnet than the public space I have inside. (Basically a /30 on the outside to the provider and a large /19 on the inside). Now, can I NAT this /19 to the Outside interface even though is is on a different subnet than the /30 assigned to the Outside?</P><P></P><P>Example (ip's changed to preserve the innocent):</P><P></P><P>Outside IP = 23.2.2.2 /30 (apologies to whoever owns this space)</P><P></P><P>Inside IP = 167.2.0.0 /19 (more apologies)</P><P></P><P>Can I NAT that 167.2.0.0 /19 to the Outside without issue?</P><P></P><P>Thanks for your assistance!</P><P></P><P>Jim</P> Mon, 11 Mar 2019 15:34:00 GMT jim_berlow 2019-03-11T15:34:00Z https://community.cisco.com/t5/network-security/nat-question/m-p/1225286#M835563 <P>I have a general NAT question I hope you can help us with. We are converting from a large public ip address block (no NAT whatsoever) into a private address space using a combination of NAT / PAT, etc.</P><P></P><P>I think the ASA can do this without issue (version 8.04), but want to verify. On the Outside interface I have a completely different subnet than the public space I have inside. (Basically a /30 on the outside to the provider and a large /19 on the inside). Now, can I NAT this /19 to the Outside interface even though is is on a different subnet than the /30 assigned to the Outside?</P><P></P><P>Example (ip's changed to preserve the innocent):</P><P></P><P>Outside IP = 23.2.2.2 /30 (apologies to whoever owns this space)</P><P></P><P>Inside IP = 167.2.0.0 /19 (more apologies)</P><P></P><P>Can I NAT that 167.2.0.0 /19 to the Outside without issue?</P><P></P><P>Thanks for your assistance!</P><P></P><P>Jim</P> Mon, 11 Mar 2019 15:34:00 GMT https://community.cisco.com/t5/network-security/nat-question/m-p/1225286#M835563 jim_berlow 2019-03-11T15:34:00Z https://community.cisco.com/t5/network-security/nat-question/m-p/1225287#M835564 <HTML><HEAD></HEAD><BODY><P>Jim</P><P></P><P>Yes no problem. I'm assuming you mean hide all the 167.2.0.0/19 addresses behind 23.2.2.2 ? </P><P></P><P>If so </P><P></P><P>nat (inside) 1 167.2.0.0 255.255.224.0 </P><P>global (outside) 1 interface</P><P></P><P>If i have misunderstood let me know.</P><P></P><P>Jon</P></BODY></HTML> Tue, 19 May 2009 15:25:55 GMT https://community.cisco.com/t5/network-security/nat-question/m-p/1225287#M835564 Jon Marshall 2009-05-19T15:25:55Z https://community.cisco.com/t5/network-security/nat-question/m-p/1225288#M835565 <HTML><HEAD></HEAD><BODY><P>Thanks, Jon - that is part of it.</P><P></P><P>How about if we have public servers on an IP address example 167.2.1.1 (SMTP)? Can I simply create a statement like this and will this work? This host is currently assigned the public IP 167.2.1.1 right on its tcp/ip stack and it will now be assigned a private address like 10.1.226.223 (assume I have done all the routing inside correctly, etc).</P><P></P><P>static (Inside,Outside) tcp 167.2.1.1 25 10.1.226.223 25 netmask 255.255.255.255</P><P></P><P>Thanks for your help,</P><P>Jim</P></BODY></HTML> Tue, 19 May 2009 15:38:12 GMT https://community.cisco.com/t5/network-security/nat-question/m-p/1225288#M835565 jim_berlow 2009-05-19T15:38:12Z https://community.cisco.com/t5/network-security/nat-question/m-p/1225289#M835566 <HTML><HEAD></HEAD><BODY><P>Jim</P><P></P><P>As long as any requests for 167.2.1.1 are routed to the outside interface of your ASA from the Internet then yes you should be fine.</P><P></P><P>Jon</P></BODY></HTML> Tue, 19 May 2009 15:41:00 GMT https://community.cisco.com/t5/network-security/nat-question/m-p/1225289#M835566 Jon Marshall 2009-05-19T15:41:00Z https://community.cisco.com/t5/network-security/nat-question/m-p/1225290#M835567 <HTML><HEAD></HEAD><BODY><P>Thanks, Jon. That is exactly what I wanted to verify.</P></BODY></HTML> Tue, 19 May 2009 15:45:07 GMT https://community.cisco.com/t5/network-security/nat-question/m-p/1225290#M835567 jim_berlow 2009-05-19T15:45:07Z