Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
393
Views
5
Helpful
1
Replies

ASA weired nat statements in 9.8

kashif.rana
Level 1
Level 1

‎06-27-2018 09:06 AM - edited ‎02-21-2020 07:55 AM

Hello Experts

 

I was doing the cleanup on Cisco ASA version 9.8, I found below weird nat statement and objects. I really appreciate if someone can explain below and let me know if I can delete them safely?

 

object network obj_any
   subnet 0.0.0.0 0.0.0.0
   nat (inside,outside) dynamic obj-0.0.0.0

object network obj_any-01
   subnet 0.0.0.0 0.0.0.0
   nat (inside,mgmt) dynamic obj-0.0.0.0

Regards,

KR

 

Labels:
0 Helpful
1 Reply 1

Dennis Mink
VIP Alumni
VIP Alumni

‎06-27-2018 06:38 PM

that is like a blanket object NAT for all outbound connections (dymic NAT overload).

 

You should really have more specific NAT in place than that, so good change it drops out the bottom.

 

I would double check the active NAT through those interfaces and If more specific rules are being hit. get rid of the object. 

 

Please remember to rate useful posts, by clicking on the stars below.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card