Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
441
Views
0
Helpful
1
Replies

ASA5520 nat questions

tsrader
Level 1
Level 1

‎08-14-2008 05:38 PM - edited ‎03-11-2019 06:31 AM

Office network (INSIDE) need to access lab network (OUTSIDE)

---- and ----

lab network (OUTSIDE) need to access office network (INSIDE)

NOTE: lab network resides inside the office network but are considered "high risk", therefore they're placed on OUTSIDE interface (least secure)

Requirement:

permit ALL outside hosts (behind firewall) to have a nat'd address to inside

inside ip space avail: 172.16.186.0 /23

outside ip space avail: 10.25.186.0 /23

inside interface ip: 172.16.186.2 /23

(172.16.186.1 assigned to L3 switch routed interface)

outside interface ip: 10.25.186.1 /23

Q1: Is this correct NAT statement?

global (outside) 2 interface

global (inside) 1 interface

nat (outside) 1 10.25.186.0 255.25.254.0 outside

nat (inside) 2 0.0.0.0 0.0.0.0

Q2: Is this correct static statment to create one-to-one nat for each host?

static (inside,outside) 10.25.186.0 172.16.186.0 255.255.254.0

Q3: do i need to list EVERY outside host in an object-group if i want to assign an ACL to the entire ip range?

-- or --

can i just do something like this:

object-group network outside_users

network-object 10.25.186.0 255.255.254.0

Q4: Is there a simpler way to do this?

Labels:
0 Helpful
1 Reply 1

Marwan ALshawi
VIP Alumni
VIP Alumni

‎08-14-2008 06:39 PM

ur config sound good

and about the Q3 u can use the

object-group network outside_users

network-object 10.25.186.0 255.255.254.0

good luck

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card