05-22-2012 08:58 AM - edited 03-11-2019 04:09 PM
Need to setup some static NATs for some networks and IP ranges. Rather than setting up 50+ individual NAT rules I'm thinking 8.3 or 8.4 supports snat for networks?
Example
73.11.200.88/29 and 192.168.0.64/29
so
73.11.200.88 would always be static NAT for 192.168.0.64
73.11.200.89 would always be static NAT for 192.168.0.65
73.11.200.90 would always be static NAT for 192.168.0.66
Am I correct that this can be done with 1 NAT rule instead of multiple?
Can it also be done with object groups? Assuming the number of objects in each group is the same.
Thanks for the time.
05-22-2012 10:10 AM
I believe you can't achieve the below with one statement, you have to create an object group for each static NAT
73.11.200.88 would always be static NAT for 192.168.0.64
73.11.200.89 would always be static NAT for 192.168.0.65
73.11.200.90 would always be static NAT for 192.168.0.66
object network ip-1
host 192.168.0.64
nat (dmz,outside) static 73.11.200.88
object network ip-2
host 192.168.0.65
nat (dmz,outside) static 73.11.200.89
object network ip-3
host 192.168.0.66
nat (dmz,outside) static 73.11.200.90
05-22-2012 10:18 AM
Hello,
As Sid says there is no way you can do a static nat like that, unless you do like ( subnet to subnet object)
192.168.1.1-73.11.200.1
192.168.1.2-73.11.200.2
192.168.1.3-73.11.200.3
but not the way you want it...
Regards,
Do rate all the helpful posts
05-22-2012 10:22 AM
You mean if they were both identical like 73.11.200.88/29 and 192.168.0.88/29?
Then the ASA would automatically assign .88 to .88, and .89 to .89, etc?
Thanks
05-22-2012 10:35 AM
Hello,
Here is the example that will explain it to you.. This is on 8.2
static (inside,outside) 4.0.0.0 192.168.12..0 netmask 255.255.255.0
Like this the ASA will do a one to one mapping.
This is what you will need to do on 8.4 as well, how do you do it using the same ( subnets)
Regards,
Julio
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide