cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


411
Views
0
Helpful
2
Replies
Highlighted
Beginner

ASA 8.4 NAT

I need to NAT some subnets to one IP and other subnets to another IP. The range command want work because some of the subnets are out of order.

For example  subnets 192.168.1.0 - 192.168.7.0 and 192.168.25.0, 192.168.28.0 nat'd to 1.1.1.1.  subnet 192.168.26.0-192.168.27.0 nat'd to 1.1.1.2

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

ASA 8.4 NAT

object network obj-range-192.168.1.0-7.0

   range 192.168.1.0 192.168.7.255

object network obj-192.168.25.0

  subnet 192.168.25.0 255.255.255.0

object network obj-192.168.28.0

  subnet 192.168.28.0 255.255.255.0

object-group network group-for-pat1.1.1.1

  network-object object obj-range-192.168.1.0-7.0

  network-object object obj-192.168.25.0

  network-object object obj-192.168.28.0

object network obj-1.1.1.1

  host 1.1.1.1

nat (inside,outside) source dynamic group-for-pat1.1.1.1 obj-1.1.1.1

object network range-192.168.26.0-27.0

  range 192.168.26.0 192.168.27.255

  nat (inside,outside) dynamic 1.1.1.2

2 REPLIES 2
Cisco Employee

ASA 8.4 NAT

object network obj-range-192.168.1.0-7.0

   range 192.168.1.0 192.168.7.255

object network obj-192.168.25.0

  subnet 192.168.25.0 255.255.255.0

object network obj-192.168.28.0

  subnet 192.168.28.0 255.255.255.0

object-group network group-for-pat1.1.1.1

  network-object object obj-range-192.168.1.0-7.0

  network-object object obj-192.168.25.0

  network-object object obj-192.168.28.0

object network obj-1.1.1.1

  host 1.1.1.1

nat (inside,outside) source dynamic group-for-pat1.1.1.1 obj-1.1.1.1

object network range-192.168.26.0-27.0

  range 192.168.26.0 192.168.27.255

  nat (inside,outside) dynamic 1.1.1.2

Beginner

ASA 8.4 NAT

Thanks Jennifer for you help. This is going to work perfectly.