
Cisco ASA NAT 8.2 Query

prashantfile
Level 1

Hello All,

Could anyone please let me know the difference between the two NAT configurations below?

Statement 1

nat (dmz) 2 10.70.0.0 255.255.255.0
global (out) 2 192.0.2.0-192.0.2.20 netmask 255.255.255.0

Statement 2

nat (dmz) 2 10.70.0.0 255.255.255.0
global (out) 2 192.0.2.0-192.0.2.20


nkarthikeyan
Level 7

Hi Prashanth,

As far as I know, there is no difference between these 2 statements. If you give the netmask, it takes the subnet mask for the PAT range... but it will go out as port address translated... so it makes no sense...

Without Mask:

pixfirewall(config)# sh nat

NAT policies on Interface dmz:
  match ip dmz 10.70.0.0 255.255.255.0 out any
    dynamic translation to pool 2 (192.0.2.0 - 192.0.2.20)
    translate_hits = 0, untranslate_hits = 0
  match ip dmz 10.70.0.0 255.255.255.0 dmz any
    dynamic translation to pool 2 (No matching global)
    translate_hits = 0, untranslate_hits = 0

 

With Mask:

pixfirewall(config)# sh nat

NAT policies on Interface dmz:
  match ip dmz 10.70.0.0 255.255.255.0 out any
    dynamic translation to pool 2 (192.0.2.0 - 192.0.2.20)
    translate_hits = 0, untranslate_hits = 0
  match ip dmz 10.70.0.0 255.255.255.0 dmz any
    dynamic translation to pool 2 (No matching global)
    translate_hits = 0, untranslate_hits = 0
pixfirewall(config)#

 

Regards

Karthik

 
