Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1588
Views
0
Helpful
2
Replies

ASA VLAN Tagging and NAT-ing

George-Sl
Level 1
Level 1

‎10-07-2019 10:54 PM - edited ‎02-21-2020 09:34 AM

Hello,

 

I am trying to figure what would be the ASA configuration that could do the same thing this watchguard does, I need the configuration.

that Fa0/0 carries vlan 10, 20 ,30 and they are just vlans, fa0/0 interface is probably a router on stick so it's probably tagged per sub interface, and vlan 701 is the vlan that can carry us to the internet and our public facing ip address is 18.2.211.55 which we try to nat all of our inside networks to that. our inside networks are (vlan 10=192.168.10.0, vlan 20= 192.168.20.0, vlan 30= 192.168.30.0)

Vlan 444 is the management vlan.

and int Fa0/1 is trunk as well and that cisco 48 port switch is L2,

so I don't know the config on the fast interfaces

and I don't know what should I put in that object network .... NAT(xx,xx) command

and about that Public IP 18.2.211.55, I heard from the designer that it's on vlan 701, doesn't make sense to me, so I could be wrong, if you can figure the architecture here as well would be good too

 

NAT.png

0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎10-08-2019 12:35 PM

You can configure ASA as per the below  example config - change the security levels and nameif as per the requirement.

 

Before you go live test offline.

 

interface GigabitEthernet0/0
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/0.10
vlan 10
nameif BBVLAN10
security-level 50
ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
vlan 20
nameif BBVLAN20
security-level 50
ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/0.30
vlan 30
nameif BBVLAN30
security-level 50
ip address 192.168.20.1 255.255.255.0

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Marius Gunnerud
VIP
VIP

‎10-08-2019 02:02 PM

If you are just looking to NAT for internet access then you can do the following

object network 192.168.10.0_24

  subnet 192.168.10.0 255.255.255.0

  nat (inside,outside) dynamic interface

 

Just change the interface names inside (source) and outside (destination). And if you want to NAT to an IP other than the outside interface IP you can create a different object and reference that instead of "interface"

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card