Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
844
Views
0
Helpful
4
Replies

How to perform Regular Dynamic PAT and Identity NAT use network object NAT 8.4(1)

Go to solution
clin
Level 1
Level 1

‎06-20-2011 12:12 AM - edited ‎03-11-2019 01:47 PM

hello

this is ASA5520 associate with 8.4(1). very simple scenario , three ports: inside . outside . DMZ

my problem is how to use network object NAT to perform Regular Dynamic PAT and Identity NAT.

for example, this is my configuration

**** first i configured Regular Dynamic PAT****

object network myinside

subnet 10.200.11.0 255.255.255.0

nat (inside,outside) dynamic interface

**** then , i met problem when i want to make identity NAT between inside and DMZ****

**** if i add below CLI , the first nat line will be replaced ****

**** SO IF I ADD THIS****

nat (inside,DMZ) static myinside

***** then only the new nat line binding with object "myside"****

***** if you show run nat , it will be*****

object network myinside

subnet 10.200.11.0 255.255.255.0

nat (inside,DMZ) static myinside

so anybody could advise where is my mistake ?

only one nat line could associate with one object ?

thanks for any advice!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
varrao
Level 10
Level 10

‎06-20-2011 12:18 AM

Hi Chao,

In Version 8.4.1, for object-NAT, you would need to create separate objects for eacvh nAT statement, because each object can only be binded to a single nat statement. So yes you would need to create another object for the same network to be used for a different NAT statement. You would need to create another object myinside2 for the same 10.200.11.0 network.

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

0 Helpful
4 Replies 4

Go to solution
varrao
Level 10
Level 10

‎06-20-2011 12:18 AM

Hi Chao,

In Version 8.4.1, for object-NAT, you would need to create separate objects for eacvh nAT statement, because each object can only be binded to a single nat statement. So yes you would need to create another object for the same network to be used for a different NAT statement. You would need to create another object myinside2 for the same 10.200.11.0 network.

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

Go to solution
clin
Level 1
Level 1
In response to varrao

‎06-20-2011 12:33 AM

thanks Varun , sounds make sense , let me try !

0 Helpful

Go to solution
clin
Level 1
Level 1
In response to varrao

‎06-20-2011 01:26 AM

yes, you are right.

same subnet associate with different object name then it works.

thanks a lot

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to clin

‎06-20-2011 01:29 AM

Hi Chao,

Glad that it resolved the issue for you.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card