ASA Keep host address the same while NATing the network address

derek.small
Level 5

Does anyone know a way to easily, statically NAT one /24 address to another /24 address, while keeping the host addresses the same? I was thinking something like this, but it doesn't seem to work. I'm trying to avoid configuring a static NAT translation for all 254 addresses on one subnet to the matching 254 addresses on the other subnet.

object network Subnet-inside
host 10.1.1.0 255.255.255.0

object network Subnet-outside
host 10.20.1.0 255.255.255.0

object network Subnet-inside
nat (inside,outside) static Subnet-outside

Accepted Solution

Rahul Govindan
VIP Alumni

This should work. You have to change your object to:

object network Subnet-inside
subnet 10.1.1.0 255.255.255.0

object network Subnet-outside
subnet 10.20.1.0 255.255.255.0

Also add an ACL on the outside interface like below:

access-list outside-in extended permit ip any object Subnet-inside

A sample packet-tracer:

packet-tracer input outside tcp 4.2.2.2 12345 10.20.1.5 4$

Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
object network Subnet-inside
nat (inside,outside) static Subnet-outside
Additional Information:
NAT divert to egress interface inside
Untranslate 10.20.1.5/443 to 10.1.1.5/443

packet-tracer input outside tcp 4.2.2.2 12345 10.20.1.50 $

Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
object network Subnet-inside
nat (inside,outside) static Subnet-outside
Additional Information:
NAT divert to egress interface inside
Untranslate 10.20.1.50/443 to 10.1.1.50/443
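The packet-tracer output above shows what a 1:1 network static NAT does for every address in the /24: the network part is swapped and the host bits are left untouched. As an added example, not from this thread or from Cisco, the Python below models that mapping with the two subnet objects from the accepted answer and checks the sample Untranslate lines against it; the sample trace text is constructed from the lines above.

```python
import ipaddress
import re

# Subnet objects from the accepted answer (same names as the thread).
SUBNET_INSIDE = ipaddress.ip_network("10.1.1.0/255.255.255.0")
SUBNET_OUTSIDE = ipaddress.ip_network("10.20.1.0/255.255.255.0")

# Constructed sample: the two Untranslate lines from the packet-tracer output.
SAMPLE_TRACE = """\
Untranslate 10.20.1.5/443 to 10.1.1.5/443
Untranslate 10.20.1.50/443 to 10.1.1.50/443
"""

UNTRANSLATE_RE = re.compile(r"Untranslate (\S+)/(\d+) to (\S+)/(\d+)")


def map_address(addr, src_net, dst_net):
    """Translate addr from src_net into dst_net keeping the host bits, which is
    the arithmetic behind 'nat ... static' with a subnet object.
    Returns None when addr is outside src_net (the rule does not match).
    Raises ValueError when prefix lengths differ: no 1:1 mapping exists."""
    src_net = ipaddress.ip_network(src_net)
    dst_net = ipaddress.ip_network(dst_net)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 network NAT needs equal prefix lengths")
    addr = ipaddress.ip_address(addr)
    if addr not in src_net:
        return None
    host_bits = int(addr) & int(src_net.hostmask)
    return str(ipaddress.ip_address(int(dst_net.network_address) | host_bits))

def untranslate(mapped_addr):
    """UN-NAT phase: mapped (outside) address -> real (inside) address."""
    return map_address(mapped_addr, SUBNET_OUTSIDE, SUBNET_INSIDE)

def check_trace(trace_text):
    """Return (mapped, real, ok) per Untranslate line; ok is False when the
    real address differs from the 1:1 mapping or the port changed."""
    results = []
    for m in UNTRANSLATE_RE.finditer(trace_text):
        mapped, mport, real, rport = m.groups()
        ok = untranslate(mapped) == real and mport == rport
        results.append((mapped, real, ok))
    return results

if __name__ == "__main__":
    for mapped, real, ok in check_trace(SAMPLE_TRACE):
        print(f"{mapped} -> {real}: {'ok' if ok else 'MISMATCH'}")
```

The translation itself does no filtering: the `permit ip any object Subnet-inside` ACL in the answer admits any source to every host and port in the /24, so scope that access-list to what actually needs to be reachable.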
