Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
614
Views
0
Helpful
2
Replies

ASA NAT Statement Best Practice

magates
Level 1
Level 1

‎06-08-2018 11:52 AM - edited ‎02-21-2020 07:51 AM

I will be setting up a VPN that requires static NAT for roughly 200 hosts, and each host must always use the same translated address. This is on an ASA 5525X running 9.6(4)3

 

My first thought is, for each host, create a network object with the local address and another network object with the translated address, and then create the appropriate NAT rule using those objects. But this seems very inefficient and will result in a lot of configuration clutter.

 

Is there a cleaner, more efficient way to approach this?

Labels:
0 Helpful
2 Replies 2

Florin Barhala
Level 6
Level 6

‎06-11-2018 01:14 AM

Had a quick look over the 9.6 NAT guide but I couldn't find any hint.
Let's see what other suggest about this.
0 Helpful

Bogdan Nita
VIP Alumni
VIP Alumni

‎06-11-2018 02:07 AM

Starting with version 8.3 you can't configure nat without configuring some object groups as well, so there is no cleaner version available, but I find that if the object have meaningful names the nat config remains readable.

Not sure if that is the case, but if you are planning to nat a range of IPs to a range of IPs you could have only one NAT rule in place.

 

HTH

Bogdan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card