Solved: Perfect, kind of what I was

burleyman · ‎09-04-2015

I will be setting up an ASA with 9.x and have 2 ISP's and I have a question on the NAT configurations.

Here are my interfaces:

Interface Name:IP Address

outside: 1.1.1.1

backup: 2.2.2.2

inside: 172.16.1.0/24

DMZ: 10.2.1.0/24

The two NAT rules I have questions on are this....

Will either of these work?

And which way is best?

And what is the difference between them?

Option 1:

nat (inside,outside) after-auto source dynamic any interface
nat (inside,backup) after-auto source dynamic any interface
nat (DMZ,outside) after-auto source dynamic any interface
nat (DMZ,backup) after-auto source dynamic any interface

Option 2:

object network NAT-lan-network
subnet 172.16.1.0 255.255.255.0
nat (inside,outside) dynamic interface

object network NAT-lan-network-Backup
subnet 172.16.1.0 255.255.255.0
nat (inside,backup) dynamic interface

object network NAT-dmz-network
subnet 10.2.1.0 255.255.255.0
nat (DMZ,outside) dynamic interface

object network NAT-dmz-network-Backup
subnet 10.2.1.0 255.255.255.0
nat (DMZ,backup) dynamic interface

Thanks,

Mike

rodrigog · ‎09-04-2015

Hello Mike,

1)Both options will work

2)I would go for using option 2

3)option 2 is more specific network based and will help you keeping a better record of which network are you natting

option 1 will nat anything coming from the inside and DMZ interfaces going to the internet

Let me know if you got any other questions with this nat.

View solution in original post

rodrigog · ‎09-04-2015