06-08-2018 11:52 AM - edited 02-21-2020 07:51 AM
I will be setting up a VPN that requires static NAT for roughly 200 hosts, and each host must always use the same translated address. This is on an ASA 5525X running 9.6(4)3
My first thought is, for each host, create a network object with the local address and another network object with the translated address, and then create the appropriate NAT rule using those objects. But this seems very inefficient and will result in a lot of configuration clutter.
Is there a cleaner, more efficient way to approach this?
06-11-2018 01:14 AM
06-11-2018 02:07 AM
Starting with version 8.3 you can't configure nat without configuring some object groups as well, so there is no cleaner version available, but I find that if the object have meaningful names the nat config remains readable.
Not sure if that is the case, but if you are planning to nat a range of IPs to a range of IPs you could have only one NAT rule in place.
HTH
Bogdan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide