Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
500
Views
0
Helpful
2
Replies

ASA NAT Statement Best Practice

magates
Beginner
Beginner

‎06-08-2018 11:52 AM - edited ‎02-21-2020 07:51 AM

I will be setting up a VPN that requires static NAT for roughly 200 hosts, and each host must always use the same translated address. This is on an ASA 5525X running 9.6(4)3

 

My first thought is, for each host, create a network object with the local address and another network object with the translated address, and then create the appropriate NAT rule using those objects. But this seems very inefficient and will result in a lot of configuration clutter.

 

Is there a cleaner, more efficient way to approach this?

Labels:
0 Helpful
2 Replies 2

Florin Barhala
Frequent Contributor
Frequent Contributor

‎06-11-2018 01:14 AM

Had a quick look over the 9.6 NAT guide but I couldn't find any hint.
Let's see what other suggest about this.
0 Helpful

Bogdan Nita
Rising star
Rising star

‎06-11-2018 02:07 AM

Starting with version 8.3 you can't configure nat without configuring some object groups as well, so there is no cleaner version available, but I find that if the object have meaningful names the nat config remains readable.

Not sure if that is the case, but if you are planning to nat a range of IPs to a range of IPs you could have only one NAT rule in place.

 

HTH

Bogdan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents