Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1855
Views
0
Helpful
1
Replies

ASA 8.3 Multiple NAT for one network object ?

dclee
Level 1
Level 1

‎11-06-2012 11:15 AM - edited ‎03-11-2019 05:19 PM

Currently migrating old PIX to new ASA 8.3 and I have a question re: multiple NATs for one object group.

So I have an ASA with 4 live interfaces, inside, outside, WEBDMZ1 and WEBDMZ2.

I need all outbound connections from inside network 192.168.10.0 / 24

so object network PROD_192.168.10.0

     subnet 192.168.10.0 255.255.255.0

My NAT requirements are I need to PAT all outbound to internet.

     so

     nat (inside,outside) dynamic interface

BUT I need to bypass NAT for any internal connections to webdmz1

     nat (inside,webdmz1) static PROD_192.168.10.0   

and webdmz2

     nat (inside,webdmz2) static PROD_192.168.10.0

I only seem to be able to add one NAT statement per object group What am I missing ?

Would I have to create 3 network objects with identical IP info and apply each NAT statement to each ?

             

Any help would be appreciated.

Cheers


Dave

Labels:
0 Helpful
1 Reply 1

Stuart Gall
Level 1
Level 1

‎11-06-2012 02:06 PM

You need a twice nat statement

Nat (inside,webdmz1) source static PROD_192.168.10.0 PROD_192.168.10.0 destination static DMZ DMZ
This goes outside the object blocks
You also need to define
Object network DMZ
subnet x.x.x.x M.M.M.M.M

And similarly for inside,webdmz2

Stuart

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card