02-12-2014 11:19 AM - edited 03-11-2019 08:44 PM
Hello, pre 8.3 I would use the Name Command and static map a public IP to a private IP as follows:
name 12.236.93.72 InsideHost
static (inside,outside) InsideHost 10.11.10.1 netmask 255.255.255.255
Post ver8.2 I realize that command has changed to the object network command but does not work with the name. I recieve the following error:
name 12.236.93.72 InsideHost
object network obj-10.11.10.1
host 10.11.10.1
nat (inside,outside) static InsideHost
ERROR: InsideHost Dosn't Exist
I cannot find the Name Command in the newer post8.2 documentation.
Solved! Go to Solution.
02-12-2014 11:33 AM
Hi,
Its my understanding that the "name" configuration doesnt really play much of a role in the new ASA software levels and the "object" has atleast partially replaced that.
Do notice that you can create an "object" for the IP address 12.236.93.72
object network Insidehost
host 12.236.93.72
object network obj-10.11.10.1
host 10.11.10.1
nat (inside,outside) static Insidehost
But to be honest I have never liked the "name" configuration and have always disabled it on the ASAs I manage. When I am troubleshooting something or making new rules I want to do it based on the actual IP rather than a "name" but I guess its matter of taste/personal preference.
Also I dont use the above method either. I simply define the IP address in the section where you define the NAT IP address. This keeps the configuration clearer and less cluttered with "object" or "object-group"
Hope this helps
- Jouni
02-12-2014 11:33 AM
Hi,
Its my understanding that the "name" configuration doesnt really play much of a role in the new ASA software levels and the "object" has atleast partially replaced that.
Do notice that you can create an "object" for the IP address 12.236.93.72
object network Insidehost
host 12.236.93.72
object network obj-10.11.10.1
host 10.11.10.1
nat (inside,outside) static Insidehost
But to be honest I have never liked the "name" configuration and have always disabled it on the ASAs I manage. When I am troubleshooting something or making new rules I want to do it based on the actual IP rather than a "name" but I guess its matter of taste/personal preference.
Also I dont use the above method either. I simply define the IP address in the section where you define the NAT IP address. This keeps the configuration clearer and less cluttered with "object" or "object-group"
Hope this helps
- Jouni
02-12-2014 11:39 AM
Hi,
This is from the Command Reference the thing I referenced above
This is the change introduced when the NAT configuration format changed at 8.3(1)
8.3(1) You can no longer use a named IP address in a nat command or an access-list
command; you must use object network names instead. Although
network-object commands in an object group accept object network
names, you can still also use a named IP address identified by the name
command.
- Jouni
02-12-2014 11:48 AM
Thanks so much!!!
02-12-2014 11:51 AM
Hi,
Glad if it helped
Please do remember to mark a reply as the correct answer if it answered your question.
- Jouni
02-12-2014 11:37 AM
Hi,
Post 8.2 (8.3 and above) 'name' command changed to 'object network'. So you need to create another object network similar to your private ip.
EX:
object network public-10.11.10.1
host 12.236.93.72
object network obj-10.11.10.1
host 10.11.10.1
nat (inside,outside) static public-10.11.10.1
Check the below link (search for key word 'name')
http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html#wp106866
hth
MS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide