Solved: ASA NAT on outside interface - different subnet

sidcracker · ‎07-04-2011

Hello

Is it possible to configure a different subnet on the outside interface only for NAT

for example if the outside interface is 192.168.168.100.1, then can we have a subnet for doing static nats such as 192.168.101.1/28. Are there any additional statements we need to add to make this work?

Thanks

Jennifer Halim · ‎07-04-2011

Yes, you can. NAT doesn't need to be in the same subnet as the outside interface subnet. As long as, there is route on the next hop device to point 192.168.101.0/28 subnet towards the outside interface (192.168.100.1).

Also, you would need to ensure that proxy arp is enabled on outside interface. By default, it is enabled.

Command to enable proxy arp:

no sysopt noproxyarp outside

View solution in original post

sidcracker · ‎07-04-2011

This is running 8.3 code

Jennifer Halim · ‎07-04-2011

Yes, you can. NAT doesn't need to be in the same subnet as the outside interface subnet. As long as, there is route on the next hop device to point 192.168.101.0/28 subnet towards the outside interface (192.168.100.1).

Also, you would need to ensure that proxy arp is enabled on outside interface. By default, it is enabled.

Command to enable proxy arp:

no sysopt noproxyarp outside

sidcracker · ‎07-04-2011

Thanks again Jennifer