ASA5506 X Natting

Lee Murphy · ‎08-16-2016

I need to NAT or PAT, a couple inside hosts to the outside interface. Problem is I don't want to create a NAT pool for the couple inside hosts to NAT to.

Karsten Iwen · ‎08-16-2016

With pool you probably mean an object-group that you (for whatever reason) don't want to configure? Then you can still use individual PAT-rules for each host-object.

Still I would say that this is the wrong approach for NAT/PAT. In most situations you could do single NAT/PAT at the and of the NAT-rules for your dynamic PAT:

nat (any,outside) after-auto source any interface

This is not to control which host are allowed to access the outside networks, that is done with access-lists.

Lee Murphy · ‎08-17-2016

Right, so I want to translate two inside hosts to the outside interface ip. Than I can create ACLs to control the traffic. I am leaning on NAT Overload or Port Forwarding I believe... First time configuring...

Karsten Iwen · ‎08-17-2016

I am leaning on NAT Overload or Port Forwarding I believe...

Just for the wording: NAT overload and PAT in Cisco-speech mean the same as masquerading on other platforms. Many internal IPs (inside local) are translated to a single IP (inside global).

Port Forwarding is (typically but not always) when you configure the ASA to listen on a specific IP/Port on the outside interface and translate this to an inside host for incoming connections.

More on NAT can be found in the config-guide.

Lee Murphy · ‎08-17-2016

Let me be more specific to my situation...

inside: 10.5.x.x /16

outside: 10.30.x.x /24

Inside Hosts: 10.5.x.x /16 and 10.5.x.x /16

I need the inside hosts to NAT to the outside Address 10.30.x.x

(This will be the only outbound traffic and there will be no inbound traffic allowed)

I cannot use a range of addresses and the code is 8.3 so its different than the standard rules I remember.

So I need to create object networks, which I am having trouble with...