08-26-2015 11:08 PM - edited 03-11-2019 11:30 PM
I need some help creating a NAT statement, as I am migrating a pre-8.3 migration to 9.1 and am almost done with all except one type of NAT that I can't understand exactly.
v 8.2
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
access-list inside_nat0_outbound extended permit ip 10.38.36.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.38.36.0 255.255.255.0 10.38.37.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.38.36.0 255.255.255.0 10.38.46.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.38.36.0 255.255.255.0 192.168.12.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.38.0.0 255.255.0.0 10.38.39.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 194.165.102.1 1
route inside DHCP-pool1 255.255.254.0 10.38.36.1 1
route inside DHCP-pool2 255.255.254.0 10.38.36.1 1
route inside DHCP-pool3 255.255.254.0 10.38.36.1 1
route inside 10.10.37.0 255.255.255.0 10.38.36.1 1
route inside 10.38.0.0 255.255.0.0 10.38.36.1 1
How should it look in v 9.1? As the access-list has many lines, I thought there is some way I can trim it under an object statement?
Also the NAT statement: I am confused about what it should look like, either NAT (inside,any) or NAT (inside,outside)? I have added the route statements and would appreciate some help on this.
08-27-2015 12:07 AM
Another one that is pretty hard, which I can't get a grip on, is:
static (zones,outside) tcp interface 2507 access-list taxing
access-list taxing extended permit tcp host cannonball eq 2507 object-group grp1
object-group network grp1
 network-object host srv1
 network-object host srv2
 network-object host srv3
 network-object host srv4
 network-object net1 255.255.255.240
 network-object host srv7
 network-object host srv8
08-30-2015 07:56 AM
Hi,
object network obj-10.38.36.0
 subnet 10.38.36.0 255.255.255.0
object network obj-10.38.0.0
 subnet 10.38.0.0 255.255.0.0
object network obj-192.168.20.0
 subnet 192.168.20.0 255.255.255.0
object network obj-10.38.37.0
 subnet 10.38.37.0 255.255.255.0
object network obj-10.38.46.0
 subnet 10.38.46.0 255.255.255.0
object network obj-192.168.12.0
 subnet 192.168.12.0 255.255.255.0
object network obj-10.38.39.0
 subnet 10.38.39.0 255.255.255.0
For the 1st NAT statement, you have to use the Manual NAT statement:
Source-Objects:
object-group network SRC
 network-object object obj-10.38.36.0
 network-object object obj-10.38.0.0
object-group network DEST
 network-object object obj-192.168.20.0
 network-object object obj-192.168.12.0
 network-object object obj-10.38.37.0
 network-object object obj-10.38.46.0
 network-object object obj-10.38.39.0
nat (inside,outside) source static SRC SRC destination static DEST DEST no-proxy-arp
I think you would be able to configure the other NAT and it would be in a similar way as above.
Let me know if you have any issues.
Thanks and Regards,
Vibhor Amrodia
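Added example, not part of the posts above and not Cisco's migration tool: a Python sketch that converts the `nat 0` access-list from the question into 8.3+ identity (twice) NAT, emitting one rule per source network so each source is exempted only toward the destinations its ACL lines named, rather than every source toward every destination. The `NONAT-DST-*` group names and the function names are assumptions; the `obj-<network>` naming follows the answer.

```python
import ipaddress

# Constructed input: the nat 0 ACL lines quoted in the question.
ACL = """\
access-list inside_nat0_outbound extended permit ip 10.38.36.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.38.36.0 255.255.255.0 10.38.37.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.38.36.0 255.255.255.0 10.38.46.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.38.36.0 255.255.255.0 192.168.12.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.38.0.0 255.255.0.0 10.38.39.0 255.255.255.0
"""

def parse_acl(text):
    """Return {source_network: [destination_network, ...]} in ACL order."""
    pairs = {}
    for line in text.splitlines():
        f = line.split()
        # Only plain 'permit ip <net> <mask> <net> <mask>' entries are handled.
        if len(f) != 9 or f[0] != "access-list" or f[2:5] != ["extended", "permit", "ip"]:
            continue
        src = ipaddress.ip_network(f"{f[5]}/{f[6]}")
        dst = ipaddress.ip_network(f"{f[7]}/{f[8]}")
        dests = pairs.setdefault(src, [])
        if dst not in dests:            # drop duplicate destinations
            dests.append(dst)
    return pairs

def obj_name(net):
    return f"obj-{net.network_address}"  # naming used in the answer

def convert(text, real_if="inside", mapped_if="outside"):
    """Emit object, object-group and manual NAT lines for the parsed ACL."""
    pairs = parse_acl(text)
    nets = list(pairs) + [d for ds in pairs.values() for d in ds]
    out, nat = [], []
    for net in dict.fromkeys(nets):     # one object per unique network
        out += [f"object network {obj_name(net)}",
                f" subnet {net.network_address} {net.netmask}"]
    for src, dests in pairs.items():    # one destination group and rule per source
        grp = f"NONAT-DST-{src.network_address}"   # hypothetical group name
        out.append(f"object-group network {grp}")
        out += [f" network-object object {obj_name(d)}" for d in dests]
        nat.append(f"nat ({real_if},{mapped_if}) source static {obj_name(src)} "
                   f"{obj_name(src)} destination static {grp} {grp} no-proxy-arp")
    return out + nat

if __name__ == "__main__":
    print("\n".join(convert(ACL)))
```

Review the generated rules against the routing table before applying them, since manual NAT rules are evaluated in order and the /16 source overlaps the /24.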