Solved: ASA Nat re-order, renumber, existing nats, add new ones

tryingtofixit · ‎12-31-2024

I have about 50 nats most are (inside,outside) object-group network1 object-group network1 dest remobject-group network1 object-group network1

I need to add at least 50 nats above these. I need to do a:

nat (inside, outside) 1.1.1.1 2.2.2.1 dest remotegroup1...

nat(inside, outside) 1.1.1.2 2.2.2.2 dest remotegroup1 ...

(inside,outside) objectgrp objectbrp dest remotegrp remotegrp.

(inside,outside) objectgrp2 objectbrp2 dest remotegrp2 remotegrp2

So, my ip of 1.1.1.1 becomes 2.2.2.1, these need to be above my object group nats that contain 5 static ips in an object group going to remote subnets or objects

So if I

nat (inside, outside) 1 1.1.1.1 2.2.2.1 dest remotegroup1...

nat(inside, outside) 2 1.1.1.2 2.2.2.2 dest remotegroup1 ...

nat(inside, outside) 3 1.1.1.3 2.2.2.3 dest remotegroup1 ...

will this push the existing 1,2,3 NATs down and auto-renumber them and the ones below them?

tryingtofixit · ‎12-31-2024

found out the exiting nats will renumber automatically if new nats starting above them with specific line numbers.

View solution in original post

tryingtofixit · ‎12-31-2024

found out the exiting nats will renumber automatically if new nats starting above them with specific line numbers.

Marvin Rhoads · ‎12-31-2024

Glad you figured it out. FYI, the command reference section on NAT for ASA can be found here:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa-cli-reference/I-R/asa-command-ref-I-R/n-commands.html#wp9164452000

See the explanation of the optional "line" parameter for details.