Expanding subnet on inside interface
11-13-2013 11:20 AM - edited 03-11-2019 08:04 PM
Hello All!
I have something that I hope someone can give me a hand with. I have taken over a network with an existing ASA already configured and working perfectly. Right now the inside interface subnet is 255.255.255.0 and we would like to change it to be 255.255.254.0 so it will include 192.168.0.0 and 192.168.1.0 to make more addresses available on the network. Obviously I know I have to change our DHCP settings on the server and the subnet on the inside interface, but what else needs to be changed as far as ACL, NAT, etc.? This ASA has multiple VPNs and it is critical to have as little downtime as possible. I am posting the current config, although I have removed any outside IP, password, etc. info. If someone could please assist I would greatly appreciate it!
Thanks in advance!!!
hostname *****
domain-name *******.com
enable password ********* encrypted
passwd ******** encrypted
names
name 10.0.0.30 Adonis
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 1.1.1.1 255.255.255.224
!
interface Ethernet0/1
speed 100
duplex full
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
!
interface Ethernet0/2
nameif dmz
security-level 50
ip address 10.0.0.1 255.255.255.0
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
boot system disk0:/asa842-18-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
domain-name *******.com
object network obj-192.168.0.0
subnet 192.168.0.0 255.255.255.0
object network obj-10.73.77.0
subnet 10.73.77.0 255.255.255.0
object network obj-192.168.51.0
subnet 192.168.51.0 255.255.255.0
object network obj-10.73.79.0
subnet 10.73.79.0 255.255.255.0
object network obj-192.168.6.0
subnet 192.168.6.0 255.255.255.0
object network obj-192.168.1.0
subnet 192.168.1.0 255.255.255.0
object network obj-192.168.50.0
subnet 192.168.50.0 255.255.255.0
object network obj-192.168.70.0
subnet 192.168.70.0 255.255.255.0
object network obj-192.168.2.0
subnet 192.168.2.0 255.255.255.0
object network obj-192.168.26.0
subnet 192.168.26.0 255.255.255.0
object network obj-10.73.95.0
subnet 10.73.95.0 255.255.255.0
object network obj-10.0.0.0
subnet 10.0.0.0 255.255.255.0
object network obj-192.168.5.0
subnet 192.168.5.0 255.255.255.0
object network obj-192.168.30.0
subnet 192.168.30.0 255.255.255.0
object network obj-10.73.90.0
subnet 10.73.90.0 255.255.255.0
object network obj-192.168.52.0
subnet 192.168.52.0 255.255.255.0
object network obj-192.168.53.0
subnet 192.168.53.0 255.255.255.0
object network obj-192.168.0.75
host 192.168.0.75
object network obj-192.168.0.132
host 192.168.0.132
object network obj-192.168.35.0
subnet 192.168.35.0 255.255.255.0
object network obj-10.73.88.0
subnet 10.73.88.0 255.255.255.0
object network obj-10.73.50.0
subnet 10.73.50.0 255.255.255.0
object network obj-192.168.82.0
subnet 192.168.82.0 255.255.255.0
object network obj-10.73.87.0
subnet 10.73.87.0 255.255.255.0
object network obj-10.73.78.0
subnet 10.73.78.0 255.255.255.0
object network obj-10.70.70.0
subnet 10.70.70.0 255.255.255.0
object network obj-10.73.80.0
subnet 10.73.80.0 255.255.255.0
object network obj-192.168.3.0
host 192.168.3.0
object network obj-192.168.4.0
host 192.168.4.0
object network obj-192.168.0.129
host 192.168.0.129
object network obj-192.168.0.5
host 192.168.0.5
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network obj_any-01
subnet 0.0.0.0 0.0.0.0
object network obj-10.0.0.2
host 10.0.0.2
object network obj-10.0.0.3
host 10.0.0.3
object network obj-10.0.0.4
host 10.0.0.4
object network obj-10.0.0.10
host 10.0.0.10
object network obj-10.0.0.8
host 10.0.0.8
object network obj-10.0.0.11
host 10.0.0.11
object network Adonis
host 10.0.0.30
object network obj-10.0.0.15
host 10.0.0.15
object network obj-10.73.85.0
subnet 10.73.85.0 255.255.255.0
object network obj-192.168.20.0
subnet 192.168.20.0 255.255.255.0
object network obj-192.168.22.0
subnet 192.168.22.0 255.255.255.0
object network obj-192.168.27.0
subnet 192.168.27.0 255.255.255.0
object network obj-192.168.28.0
subnet 192.168.28.0 255.255.255.0
object network Controller1
host 192.168.0.136
description Controller1 VM
object network Controller2
host 192.168.0.253
description Controller2 VM
object-group network KIMCAM_VPN_REMOTE
network-object 192.168.5.0 255.255.255.0
object-group network KIMCAM_VPN_LOCAL
network-object 192.168.0.0 255.255.255.0
network-object 10.0.0.0 255.255.255.0
object-group network PIX506_VPN_REMOTE
network-object 10.73.87.0 255.255.255.0
object-group network PIX506_VPN_LOCAL
network-object 192.168.0.0 255.255.255.0
network-object 10.0.0.0 255.255.255.0
object-group network CONVEN_VPN_REMOTE
network-object 10.73.88.0 255.255.255.0
object-group network CONVEN_VPN_LOCAL
network-object 192.168.0.0 255.255.255.0
network-object 10.0.0.0 255.255.255.0
object-group network Controller
description Controller machines
network-object object Controller1
network-object object Controller2
object-group service Internet
description Internet Services 80/443
service-object tcp destination eq www
service-object tcp destination eq https
access-list dmzintf extended permit ip host 10.0.0.2 any
access-list dmzintf extended permit ip host **** any
access-list dmzintf extended permit ip host 10.0.0.3 any
access-list dmzintf extended permit ip host **** any
access-list dmzintf extended permit tcp host 10.0.0.2 eq 1433 any
access-list dmzintf extended permit tcp host 10.0.0.3 host 192.168.0.2 eq 137
access-list dmzintf extended permit tcp host 10.0.0.3 host 192.168.0.2 eq 138
access-list dmzintf extended permit tcp host 10.0.0.3 host 192.168.0.2 eq netbios-ssn
access-list dmzintf extended permit udp host 10.0.0.3 host 192.168.0.2 eq netbios-ns
access-list dmzintf extended permit udp host 10.0.0.3 host 192.168.0.2 eq netbios-dgm
access-list dmzintf extended permit udp host 10.0.0.3 host 192.168.0.2 eq 139
access-list dmzintf extended permit ip host 10.0.0.4 any
access-list dmzintf extended permit ip host **** any
access-list dmzintf extended permit ip host 10.0.0.6 any
access-list dmzintf extended permit ip host 10.0.0.7 any
access-list dmzintf extended permit ip host 10.0.0.8 any
access-list dmzintf extended permit ip host 10.0.0.9 any
access-list dmzintf extended permit ip host 10.0.0.10 any
access-list dmzintf extended permit ip host 10.0.0.11 any
access-list dmzintf extended permit ip host 10.0.0.21 any
access-list dmzintf extended permit ip host 10.0.0.12 any
access-list dmzintf extended permit ip host 10.0.0.22 any
access-list dmzintf extended permit ip host 10.0.0.25 any
access-list dmzintf extended permit tcp host 10.0.0.7 host 10.73.95.36 eq sqlnet
access-list dmzintf extended permit tcp object Adonis any eq domain
access-list dmzintf extended permit udp object Adonis any eq domain
access-list dmzintf extended permit ip object Adonis host 10.73.95.16
access-list dmzintf extended permit tcp host 10.0.0.15 host 192.168.0.121 eq domain
access-list dmzintf extended permit udp host 10.0.0.15 host 192.168.0.121 eq domain
access-list dmzintf extended permit udp host 10.0.0.15 host 192.168.0.120 eq domain
access-list dmzintf extended permit tcp host 10.0.0.15 host 192.168.0.120 eq domain
access-list dmzintf extended permit tcp host 10.0.0.15 any eq www
access-list dmzintf extended permit tcp host 10.0.0.15 any eq https
access-list dmzintf extended permit udp object Adonis any eq ntp
access-list tango extended permit ip 192.168.0.0 255.255.255.0 10.73.77.0 255.255.255.0
access-list tango extended permit ip 192.168.0.0 255.255.255.0 10.73.95.0 255.255.255.0
access-list tango extended permit ip 10.0.0.0 255.255.255.0 10.73.95.0 255.255.255.0
access-list tango extended permit ip 192.168.26.0 255.255.255.0 10.73.95.0 255.255.255.0
access-list tango extended permit ip 10.0.0.0 255.255.255.0 10.73.77.0 255.255.255.0
access-list tango extended permit ip 192.168.30.0 255.255.255.0 10.73.77.0 255.255.255.0
access-list tango extended permit ip 192.168.30.0 255.255.255.0 10.73.95.0 255.255.255.0
access-list tango extended permit ip 192.168.0.0 255.255.255.0 10.73.90.0 255.255.255.0
access-list tango extended permit ip 192.168.26.0 255.255.255.0 10.73.77.0 255.255.255.0
access-list tango extended permit ip 192.168.0.0 255.255.255.0 10.73.50.0 255.255.255.0
access-list tango extended permit ip 192.168.26.0 255.255.255.0 10.73.50.0 255.255.255.0
access-list tango extended permit ip 192.168.30.0 255.255.255.0 10.73.50.0 255.255.255.0
access-list tango extended permit ip 192.168.0.0 255.255.255.0 10.73.78.0 255.255.255.0
access-list tango extended permit ip 192.168.0.0 255.255.255.0 10.70.70.0 255.255.255.0
access-list tango extended permit ip 10.0.0.0 255.255.255.0 10.73.78.0 255.255.255.0
access-list tango extended permit ip 192.168.0.0 255.255.255.0 10.73.80.0 255.255.255.0
access-list tango extended permit ip 10.0.0.0 255.255.255.0 10.73.80.0 255.255.255.0
access-list tango extended permit ip 192.168.26.0 255.255.255.0 10.73.80.0 255.255.255.0
access-list karen extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list karen extended permit ip 10.0.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list walker extended permit ip 192.168.2.0 255.255.255.0 10.73.79.0 255.255.255.0
access-list walker extended permit ip 10.0.0.0 255.255.255.0 10.73.79.0 255.255.255.0
access-list walker extended permit ip 192.168.0.0 255.255.255.0 10.73.79.0 255.255.255.0
access-list walker extended permit ip 192.168.26.0 255.255.255.0 10.73.79.0 255.255.255.0
access-list walker extended permit ip 192.168.30.0 255.255.255.0 10.73.79.0 255.255.255.0
access-list beverly extended permit ip 192.168.0.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list beverly extended permit ip 10.0.0.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list hooper extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list hooper extended permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list hooper extended permit ip 192.168.30.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 10.73.77.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 192.168.51.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 10.73.79.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 192.168.70.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 110 extended permit ip 192.168.26.0 255.255.255.0 10.73.79.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 10.73.95.0 255.255.255.0
access-list 110 extended permit ip 192.168.26.0 255.255.255.0 10.73.95.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list 110 extended permit ip 10.0.0.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list 110 extended permit ip 192.168.30.0 255.255.255.0 10.73.77.0 255.255.255.0
access-list 110 extended permit ip 192.168.30.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 110 extended permit ip 192.168.30.0 255.255.255.0 10.73.95.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 10.73.90.0 255.255.255.0
access-list 110 extended permit ip 192.168.30.0 255.255.255.0 10.73.79.0 255.255.255.0
access-list 110 extended permit ip 192.168.26.0 255.255.255.0 192.168.52.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 192.168.52.0 255.255.255.0
access-list 110 extended permit ip 192.168.30.0 255.255.255.0 192.168.52.0 255.255.255.0
access-list 110 extended permit ip 192.168.30.0 255.255.255.0 192.168.53.0 255.255.255.0
access-list 110 extended permit ip host 192.168.0.75 192.168.53.0 255.255.255.0
access-list 110 extended permit ip host 192.168.0.132 192.168.53.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 192.168.35.0 255.255.255.0
access-list 110 extended permit ip 10.0.0.0 255.255.255.0 192.168.35.0 255.255.255.0
access-list 110 extended permit ip 192.168.26.0 255.255.255.0 10.73.77.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 192.168.26.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 10.73.88.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 10.73.50.0 255.255.255.0
access-list 110 extended permit ip 192.168.26.0 255.255.255.0 10.73.50.0 255.255.255.0
access-list 110 extended permit ip 192.168.30.0 255.255.255.0 10.73.50.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 192.168.82.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 10.73.87.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 10.73.78.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 10.70.70.0 255.255.255.0
access-list 110 extended permit ip 192.168.0.0 255.255.255.0 10.73.80.0 255.255.255.0
access-list 110 extended permit ip 192.168.26.0 255.255.255.0 10.73.80.0 255.255.255.0
access-list 110 extended permit ip 10.0.0.0 255.255.255.0 10.73.95.0 255.255.255.0
access-list nonatdmz extended permit ip 10.0.0.0 255.255.255.0 10.73.77.0 255.255.255.0
access-list nonatdmz extended permit ip 10.0.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list nonatdmz extended permit ip 10.0.0.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list nonatdmz extended permit ip 10.0.0.0 255.255.255.0 192.168.51.0 255.255.255.0
access-list nonatdmz extended permit ip 10.0.0.0 255.255.255.0 10.73.79.0 255.255.255.0
access-list nonatdmz extended permit ip 10.0.0.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list nonatdmz extended permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonatdmz extended permit ip 10.0.0.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list nonatdmz extended permit ip 10.0.0.0 255.255.255.0 192.168.70.0 255.255.255.0
access-list nonatdmz extended permit ip 10.0.0.0 255.255.255.0 10.73.95.0 255.255.255.0
access-list nonatdmz extended permit ip 10.0.0.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list nonatdmz extended permit ip 10.0.0.0 255.255.255.0 192.168.52.0 255.255.255.0
access-list nonatdmz extended permit ip 10.0.0.0 255.255.255.0 192.168.35.0 255.255.255.0
access-list nonatdmz extended permit ip 10.0.0.0 255.255.255.0 10.73.88.0 255.255.255.0
access-list nonatdmz extended permit ip 10.0.0.0 255.255.255.0 10.73.87.0 255.255.255.0
access-list nonatdmz extended permit ip 10.0.0.0 255.255.255.0 10.73.78.0 255.255.255.0
access-list nonatdmz extended permit ip 10.0.0.0 255.255.255.0 10.73.80.0 255.255.255.0
access-list 120 extended permit ip 10.0.0.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list 120 extended permit ip 192.168.26.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list 120 extended permit ip 192.168.0.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list pix2pix extended permit ip 192.168.0.0 255.255.255.0 192.168.70.0 255.255.255.0
access-list pix2pix extended permit ip 10.0.0.0 255.255.255.0 192.168.70.0 255.255.255.0
access-list pix2pix extended permit ip 192.168.0.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list pix2pix extended permit ip 10.0.0.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list pix2pix extended permit ip 192.168.0.0 255.255.255.0 192.168.35.0 255.255.255.0
access-list pix2pix extended permit ip 10.0.0.0 255.255.255.0 192.168.35.0 255.255.255.0
access-list pix2pix extended permit ip 192.168.0.0 255.255.255.0 10.73.88.0 255.255.255.0
access-list pix2pix extended permit ip 10.0.0.0 255.255.255.0 10.73.88.0 255.255.255.0
access-list 121 extended permit ip 192.168.0.0 255.255.255.0 192.168.52.0 255.255.255.0
access-list 121 extended permit ip 192.168.26.0 255.255.255.0 192.168.52.0 255.255.255.0
access-list 121 extended permit ip 192.168.30.0 255.255.255.0 192.168.52.0 255.255.255.0
access-list 121 extended permit ip 10.0.0.0 255.255.255.0 192.168.52.0 255.255.255.0
access-list 122 extended permit ip 192.168.0.0 255.255.255.0 192.168.53.0 255.255.255.0
access-list 122 extended permit ip 192.168.30.0 255.255.255.0 192.168.53.0 255.255.255.0
access-list DYNVPN extended permit ip object-group KIMCAM_VPN_LOCAL object-group KIMCAM_VPN_REMOTE
access-list DYNVPN extended permit ip any 192.168.50.0 255.255.255.0
access-list DYNVPN extended permit ip object-group PIX506_VPN_LOCAL object-group PIX506_VPN_REMOTE
access-list DYNVPN extended permit ip object-group CONVEN_VPN_LOCAL object-group CONVEN_VPN_REMOTE
access-list outsideif extended permit tcp any host 10.0.0.3 eq www
access-list outsideif extended permit tcp any host 10.0.0.3 eq https
access-list outsideif extended permit udp any host 10.0.0.3 eq domain
access-list outsideif extended permit tcp any host 10.0.0.3 eq 7877
access-list outsideif extended permit tcp any host 10.0.0.3 eq 7777
access-list outsideif extended permit tcp any host 10.0.0.3 eq 2121
access-list outsideif extended permit tcp any host 10.0.0.3 eq 1755
access-list outsideif extended permit udp any host 10.0.0.3 eq 1755
access-list outsideif extended permit udp any host 10.0.0.3 eq 5005
access-list outsideif extended permit tcp any host 10.0.0.3 eq rtsp
access-list outsideif extended permit tcp any host 10.0.0.4 eq www
access-list outsideif extended permit ip host ***** host 192.168.0.75
access-list outsideif extended permit ip host ***** host 192.168.0.75
access-list outsideif extended permit tcp any host 10.0.0.10 eq www
access-list outsideif extended permit tcp any host 10.0.0.10 eq 1755
access-list outsideif extended permit udp any host 10.0.0.10 eq 1755
access-list outsideif extended permit udp any host 10.0.0.10 eq 5005
access-list outsideif extended permit tcp any host 10.0.0.10 eq rtsp
access-list outsideif extended permit tcp any host 10.0.0.10 eq https
access-list outsideif extended permit udp any host 10.0.0.10 eq domain
access-list outsideif extended permit tcp any host 10.0.0.10 eq 7877
access-list outsideif extended permit tcp any host 10.0.0.10 eq 7777
access-list outsideif extended permit tcp any host 10.0.0.10 eq 2121
access-list outsideif extended permit tcp host **** host 192.168.0.75
access-list outsideif extended permit tcp host **** any eq 161
access-list outsideif extended permit tcp host **** any eq 162
access-list outsideif extended permit udp host **** any eq snmp
access-list outsideif extended permit udp host **** any eq snmptrap
access-list outsideif extended permit tcp any host 10.0.0.8 eq https
access-list outsideif extended permit tcp any host 10.0.0.8 eq www
access-list outsideif extended permit tcp any host 10.0.0.11 eq 1755
access-list outsideif extended permit udp any host 10.0.0.11 eq 1755
access-list outsideif extended permit udp any host 10.0.0.11 eq 5005
access-list outsideif extended permit tcp any host 10.0.0.11 eq rtsp
access-list outsideif extended permit tcp any host 10.0.0.11 eq www
access-list outsideif extended permit tcp any host 10.0.0.11 eq https
access-list outsideif extended permit tcp host **** host **** eq 3389
access-list outsideif extended permit tcp host **** host **** eq 3389
access-list outsideif extended permit tcp any host 192.168.0.129 eq smtp
access-list outsideif extended permit tcp any host 192.168.0.129 eq https
access-list outsideif extended permit tcp any host 192.168.0.129 eq www
access-list outsideif extended permit tcp any host 192.168.0.129 eq pop3
access-list outsideif extended permit tcp host **** host 192.168.0.129 eq 3389
access-list outsideif extended permit tcp any host **** eq https
access-list outsideif extended permit udp any object Adonis eq domain
access-list outsideif extended permit tcp any object Adonis eq domain
access-list outsideif extended permit tcp any host 192.168.0.132 eq www
access-list outsideif extended permit tcp any host 192.168.0.132 eq https
access-list outsideif extended permit tcp any host 192.168.0.5 eq pop3
access-list outsideif extended permit tcp any host 192.168.0.5 eq www
access-list outsideif extended permit tcp any host 192.168.0.5 eq https
access-list outsideif extended permit icmp host **** any
access-list outsideif extended permit ip host **** host 192.168.0.132
access-list outsideif extended permit tcp any host 10.0.0.15 eq www
access-list outsideif extended permit tcp any host 10.0.0.15 eq https
access-list outsideif extended permit tcp any host 192.168.0.5 eq 995
access-list outsideif extended permit tcp any host 192.168.0.5 eq 587
access-list outsideif extended permit tcp host **** host 72.159.96.162 eq ssh
access-list outsideif extended permit tcp host **** host 72.159.96.162 eq ssh
access-list outsideif extended permit icmp any any
pager lines 24
logging enable
logging timestamp
logging trap warnings
logging history warnings
logging asdm informational
logging host inside 192.168.0.2
logging host inside 10.73.95.70
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip local pool vpn3000-pool 192.168.50.180-192.168.50.209
ip local pool vpn3001-pool 192.168.52.180-192.168.52.190
ip local pool vpn3002-pool 192.168.53.180-192.168.53.185
ip local pool sp-software 192.168.50.140-192.168.50.179
icmp unreachable rate-limit 1 burst-size 1
icmp permit host **** outside
icmp permit host **** outside
asdm image disk0:/asdm-645-206.bin
asdm history enable
arp timeout 14400
nat (inside,outside) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-10.73.77.0 obj-10.73.77.0 no-proxy-arp route-lookup
nat (inside,outside) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.5.0 obj-192.168.5.0 no-proxy-arp route-lookup
nat (inside,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.5.0 obj-192.168.5.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-10.73.77.0 obj-10.73.77.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.51.0 obj-192.168.51.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-10.73.79.0 obj-10.73.79.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.6.0 obj-192.168.6.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.1.0 obj-192.168.1.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.50.0 obj-192.168.50.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.70.0 obj-192.168.70.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.2.0 obj-192.168.2.0 no-proxy-arp
nat (inside,any) source static obj-192.168.26.0 obj-192.168.26.0 destination static obj-10.73.79.0 obj-10.73.79.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-10.73.95.0 obj-10.73.95.0 no-proxy-arp
nat (inside,any) source static obj-192.168.26.0 obj-192.168.26.0 destination static obj-10.73.95.0 obj-10.73.95.0 no-proxy-arp
nat (inside,any) source static obj-192.168.30.0 obj-192.168.30.0 destination static obj-10.73.77.0 obj-10.73.77.0 no-proxy-arp
nat (inside,any) source static obj-192.168.30.0 obj-192.168.30.0 destination static obj-192.168.1.0 obj-192.168.1.0 no-proxy-arp
nat (inside,any) source static obj-192.168.30.0 obj-192.168.30.0 destination static obj-10.73.95.0 obj-10.73.95.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-10.73.90.0 obj-10.73.90.0 no-proxy-arp
nat (inside,any) source static obj-192.168.30.0 obj-192.168.30.0 destination static obj-10.73.79.0 obj-10.73.79.0 no-proxy-arp
nat (inside,any) source static obj-192.168.26.0 obj-192.168.26.0 destination static obj-192.168.52.0 obj-192.168.52.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.52.0 obj-192.168.52.0 no-proxy-arp
nat (inside,any) source static obj-192.168.30.0 obj-192.168.30.0 destination static obj-192.168.52.0 obj-192.168.52.0 no-proxy-arp
nat (inside,any) source static obj-192.168.30.0 obj-192.168.30.0 destination static obj-192.168.53.0 obj-192.168.53.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.75 obj-192.168.0.75 destination static obj-192.168.53.0 obj-192.168.53.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.132 obj-192.168.0.132 destination static obj-192.168.53.0 obj-192.168.53.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.35.0 obj-192.168.35.0 no-proxy-arp
nat (inside,any) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.35.0 obj-192.168.35.0 no-proxy-arp
nat (inside,any) source static obj-192.168.26.0 obj-192.168.26.0 destination static obj-10.73.77.0 obj-10.73.77.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.26.0 obj-192.168.26.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-10.73.88.0 obj-10.73.88.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-10.73.50.0 obj-10.73.50.0 no-proxy-arp
nat (inside,any) source static obj-192.168.26.0 obj-192.168.26.0 destination static obj-10.73.50.0 obj-10.73.50.0 no-proxy-arp
nat (inside,any) source static obj-192.168.30.0 obj-192.168.30.0 destination static obj-10.73.50.0 obj-10.73.50.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.82.0 obj-192.168.82.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-10.73.87.0 obj-10.73.87.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-10.73.78.0 obj-10.73.78.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-10.70.70.0 obj-10.70.70.0 no-proxy-arp
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-10.73.80.0 obj-10.73.80.0 no-proxy-arp
nat (inside,any) source static obj-192.168.26.0 obj-192.168.26.0 destination static obj-10.73.80.0 obj-10.73.80.0 no-proxy-arp
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-10.73.77.0 obj-10.73.77.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.2.0 obj-192.168.2.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.3.0 obj-192.168.3.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.51.0 obj-192.168.51.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-10.73.79.0 obj-10.73.79.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.6.0 obj-192.168.6.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.1.0 obj-192.168.1.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.50.0 obj-192.168.50.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.70.0 obj-192.168.70.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-10.73.95.0 obj-10.73.95.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.5.0 obj-192.168.5.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.52.0 obj-192.168.52.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.35.0 obj-192.168.35.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-10.73.88.0 obj-10.73.88.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-10.73.87.0 obj-10.73.87.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-10.73.78.0 obj-10.73.78.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-10.73.80.0 obj-10.73.80.0 no-proxy-arp route-lookup
nat (inside,outside) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-10.73.85.0 obj-10.73.85.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-10.73.85.0 obj-10.73.85.0 no-proxy-arp route-lookup
nat (inside,outside) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.20.0 obj-192.168.20.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.20.0 obj-192.168.20.0 no-proxy-arp route-lookup
nat (inside,outside) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.22.0 obj-192.168.22.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.22.0 obj-192.168.22.0 no-proxy-arp route-lookup
nat (inside,outside) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.27.0 obj-192.168.27.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.27.0 obj-192.168.27.0 no-proxy-arp route-lookup
nat (inside,outside) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.28.0 obj-192.168.28.0 no-proxy-arp route-lookup
nat (dmz,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.28.0 obj-192.168.28.0 no-proxy-arp route-lookup
!
object network obj-192.168.0.0
nat (inside,dmz) static 192.168.0.0 no-proxy-arp route-lookup
object network obj-10.73.77.0
nat (inside,dmz) static 10.73.77.0 no-proxy-arp route-lookup
object network obj-192.168.1.0
nat (inside,dmz) static 192.168.1.0 no-proxy-arp route-lookup
object network obj-192.168.2.0
nat (inside,dmz) static 192.168.2.0 no-proxy-arp route-lookup
object network obj-10.0.0.0
nat (inside,dmz) static 10.0.0.0 no-proxy-arp route-lookup
object network obj-192.168.5.0
nat (inside,dmz) static 192.168.5.0 no-proxy-arp route-lookup
object network obj-192.168.0.75
nat (inside,outside) static 1.1.1.1
object network obj-192.168.0.132
nat (inside,outside) static 1.1.1.1
object network obj-192.168.3.0
nat (inside,dmz) static 192.168.3.0 no-proxy-arp route-lookup
object network obj-192.168.4.0
nat (inside,dmz) static 192.168.4.0 no-proxy-arp route-lookup
object network obj-192.168.0.129
nat (inside,outside) static 1.1.1.1
object network obj-192.168.0.5
nat (inside,outside) static 1.1.1.1
object network obj_any
nat (inside,outside) dynamic interface
object network obj_any-01
nat (dmz,outside) dynamic interface
object network obj-10.0.0.2
nat (dmz,outside) static 1.1.1.1
object network obj-10.0.0.3
nat (dmz,outside) static 1.1.1.1
object network obj-10.0.0.4
nat (dmz,outside) static 1.1.1.1
object network obj-10.0.0.10
nat (dmz,outside) static 1.1.1.1
object network obj-10.0.0.8
nat (dmz,outside) static 1.1.1.1
object network obj-10.0.0.11
nat (dmz,outside) static 1.1.1.1
object network Adonis
nat (dmz,outside) static 1.1.1.1
object network obj-10.0.0.15
nat (dmz,outside) static 1.1.1.1
access-group outsideif in interface outside
access-group dmzintf in interface dmz
route outside 0.0.0.0 0.0.0.0 *.*.*.* 1
route inside 192.168.26.0 255.255.255.0 192.168.0.9 1
route inside 192.168.30.0 255.255.255.0 192.168.0.8 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (inside) host 10.73.95.70
timeout 8
key *******
aaa-server TACACS+ (outside) host
timeout 8
key *******
aaa-server RADIUS protocol radius
aaa-server RADIUS_Auth protocol radius
aaa-server RADIUS_Auth (inside) host 192.168.0.7
key ****
authentication-port 1812
accounting-port 1813
user-identity default-domain LOCAL
aaa authentication ssh console TACACS+
aaa authentication http console TACACS+
http server enable
http 192.168.0.0 255.255.255.0 inside
http 10.73.77.0 255.255.255.0 inside
snmp-server host inside 10.73.77.106
snmp-server host outside **** poll
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
crypto ipsec ikev1 transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 20 set ikev1 transform-set myset
crypto dynamic-map dynmap 30 match address DYNVPN
crypto dynamic-map dynmap 30 set ikev1 transform-set myset
crypto map mymap 5 match address tango
crypto map mymap 5 set peer ****
crypto map mymap 5 set ikev1 transform-set myset
crypto map mymap 5 set security-association lifetime seconds 28800
crypto map mymap 5 set security-association lifetime kilobytes 4608000
crypto map mymap 6 match address karen
crypto map mymap 6 set peer ****
crypto map mymap 6 set ikev1 transform-set myset
crypto map mymap 6 set security-association lifetime seconds 28800
crypto map mymap 6 set security-association lifetime kilobytes 4608000
crypto map mymap 9 match address walker
crypto map mymap 9 set peer ****
crypto map mymap 9 set ikev1 transform-set myset
crypto map mymap 9 set security-association lifetime seconds 28800
crypto map mymap 9 set security-association lifetime kilobytes 4608000
crypto map mymap 12 match address hooper
crypto map mymap 12 set peer ****
crypto map mymap 12 set ikev1 transform-set myset
crypto map mymap 12 set security-association lifetime seconds 28800
crypto map mymap 12 set security-association lifetime kilobytes 4608000
crypto map mymap 15 match address beverly
crypto map mymap 15 set peer ****
crypto map mymap 15 set ikev1 transform-set myset
crypto map mymap 15 set security-association lifetime seconds 28800
crypto map mymap 15 set security-association lifetime kilobytes 4608000
crypto map mymap 100 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
crypto isakmp identity address
crypto isakmp nat-traversal 60
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
crypto ikev1 policy 20
authentication pre-share
encryption des
hash md5
group 1
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy sp-remote internal
group-policy sp-remote attributes
wins-server value 192.168.0.2
dns-server value 192.168.0.121 192.168.0.120
vpn-idle-timeout 30
split-tunnel-policy tunnelspecified
split-tunnel-network-list value 120
default-domain value *******.com
group-policy sp-software internal
group-policy sp-software attributes
wins-server value 192.168.0.2
dns-server value 192.168.0.121 192.168.0.120
vpn-idle-timeout 30
split-tunnel-policy tunnelspecified
split-tunnel-network-list value 120
default-domain value *******.com
group-policy vpn3002 internal
group-policy vpn3002 attributes
wins-server value 192.168.0.2
dns-server value 192.168.0.121 192.168.0.120
vpn-idle-timeout 2
split-tunnel-policy tunnelspecified
split-tunnel-network-list value 122
default-domain value *******.com
group-policy vpn3000 internal
group-policy vpn3000 attributes
wins-server value 192.168.0.2
dns-server value 192.168.0.121 192.168.0.120
vpn-idle-timeout 30
split-tunnel-policy tunnelspecified
split-tunnel-network-list value 120
default-domain value *******.com
group-policy vpn3001 internal
group-policy vpn3001 attributes
wins-server value 192.168.0.2
dns-server value 192.168.0.121 192.168.0.120
vpn-idle-timeout 30
split-tunnel-policy tunnelspecified
split-tunnel-network-list value 121
default-domain value *******.com
group-policy pix2pix internal
group-policy pix2pix attributes
wins-server value 192.168.0.2
dns-server value 192.168.0.121 192.168.0.120
vpn-idle-timeout 30
vpn-tunnel-protocol ikev1 l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value pix2pix
default-domain value *******.com
nem enable
username admin password ***** encrypted privilege 15
tunnel-group DefaultL2LGroup ipsec-attributes
ikev1 pre-shared-key ********
tunnel-group DefaultRAGroup general-attributes
authentication-server-group (outside) RADIUS_Auth
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key ********
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
ikev1 pre-shared-key ********
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
ikev1 pre-shared-key ********
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
ikev1 pre-shared-key ********
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
ikev1 pre-shared-key ********
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
ikev1 pre-shared-key ********
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
ikev1 pre-shared-key ********
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
ikev1 pre-shared-key ********
tunnel-group vpn3000 type remote-access
tunnel-group vpn3000 general-attributes
address-pool vpn3000-pool
authentication-server-group (outside) RADIUS_Auth
default-group-policy vpn3000
tunnel-group vpn3000 ipsec-attributes
ikev1 pre-shared-key ********
tunnel-group pix2pix type remote-access
tunnel-group pix2pix general-attributes
authentication-server-group (outside) RADIUS_Auth
default-group-policy pix2pix
tunnel-group pix2pix ipsec-attributes
ikev1 pre-shared-key ********
tunnel-group vpn3001 type remote-access
tunnel-group vpn3001 general-attributes
address-pool vpn3001-pool
authentication-server-group (outside) RADIUS_Auth
default-group-policy vpn3001
tunnel-group vpn3001 ipsec-attributes
ikev1 pre-shared-key ********
tunnel-group vpn3002 type remote-access
tunnel-group vpn3002 general-attributes
address-pool vpn3002-pool
authentication-server-group (outside) RADIUS_Auth
default-group-policy vpn3002
tunnel-group vpn3002 ipsec-attributes
ikev1 pre-shared-key ********
tunnel-group sp-remote type remote-access
tunnel-group sp-remote general-attributes
address-pool vpn3000-pool
authentication-server-group (outside) RADIUS_Auth
default-group-policy sp-remote
tunnel-group sp-remote ipsec-attributes
ikev1 pre-shared-key ********
tunnel-group sp-software type remote-access
tunnel-group sp-software general-attributes
address-pool sp-software
authentication-server-group (outside) RADIUS_Auth
default-group-policy sp-software
tunnel-group sp-software ipsec-attributes
ikev1 pre-shared-key ********
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect http
inspect rsh
inspect rtsp
inspect skinny
inspect sqlnet
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
Labels: NGFW Firewalls
11-13-2013 12:36 PM
On the ASA:
For the NAT configuration associated with object network obj-192.168.0.0, you also need to consider object network obj-192.168.1.0, since both are /24.
On the router that connects to the ASA you need to change the subnet of the interface facing towards the ASA and consider that you have created a bigger broadcast domain. I am not sure if you are running any type of routing protocol on the internal router but if you are you need to consider this too.
Also look at this configuration line:
nat (inside,any) source static obj-192.168.30.0 obj-192.168.30.0 destination static obj-192.168.1.0 obj-192.168.1.0 no-proxy-arp
Does the 192.168.1.0/24 network reside on an interface other than inside? If so, then this would not be a wise configuration change. You need to get your facts right or give us more detail.
It seems it is related to the next configuration line that is part of VPN LAN to LAN.
crypto map mymap 12 match address hooper
access-list hooper extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list hooper extended permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list hooper extended permit ip 192.168.30.0 255.255.255.0 192.168.1.0 255.255.255.0
11-13-2013 01:11 PM
Could I get an example of what the new NAT line would look like?
To answer your question, the 192.168.1.0/24 network only resides on the inside interface. I don't think I understand why it would not be a wise config change?
It looks like there is another router (192.168.0.8) that has the 192.168.30.x network on it.
11-13-2013 02:05 PM
A configuration example is simple but as I said you need to confirm what you have.
Configuration example:
object network new_obj-192.168.0.0
subnet 192.168.0.0 255.255.254.0
nat (inside,any) source static new_obj-192.168.0.0 new_obj-192.168.0.0 destination static obj-10.73.77.0 obj-10.73.77.0 no-proxy-arp
This is an example but you can also edit the NATs that involve the object network obj-192.168.0.0
object network obj-192.168.0.0
subnet 192.168.0.0 255.255.254.0
And it changes all the configurations that involve this NAT.
You need to be careful with what you are doing.
Please rate the assistance
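An added example, not part of any post in this thread: a small Python audit that lists every address/mask pair in an ASA configuration that either still names the current inside /24 or already uses 192.168.1.x as a separate network, which is the overlap raised in the first reply about the `hooper` crypto ACL. The names `SAMPLE_CONFIG`, `classify`, `audit` and the tags `WIDEN` and `OVERLAP` are illustrative assumptions; the sample lines are copied from the configuration quoted in the thread.

```python
import ipaddress
import re

# Values taken from the thread: today's inside subnet and the proposed one.
OLD_INSIDE = ipaddress.ip_network("192.168.0.0/24")
NEW_INSIDE = ipaddress.ip_network("192.168.0.0/23")
# Addresses that become part of "inside" only after the change.
ADDED_HALF = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample: a few lines copied from the configuration quoted above.
SAMPLE_CONFIG = """\
interface Ethernet0/1
 ip address 192.168.0.1 255.255.255.0
object network obj-192.168.0.0
 subnet 192.168.0.0 255.255.255.0
http 192.168.0.0 255.255.255.0 inside
http 10.73.77.0 255.255.255.0 inside
route inside 192.168.30.0 255.255.255.0 192.168.0.8 1
access-list hooper extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list hooper extended permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
"""

# "address mask" pairs as ASA writes them, e.g. "192.168.0.0 255.255.255.0".
PAIR = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}) (255(?:\.\d{1,3}){3})\b")

def classify(net):
    """Relate one referenced network to the planned /24 -> /23 change."""
    if net == NEW_INSIDE:
        return None          # already the new subnet
    if net == OLD_INSIDE:
        return "WIDEN"       # names today's inside /24: decide if it becomes the /23
    if net.overlaps(ADDED_HALF):
        return "OVERLAP"     # 192.168.1.x is already referenced as its own network
    return None

def audit(config_text):
    """Return (line_no, tag, network, line) for every reference worth reviewing."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        for addr, mask in PAIR.findall(line):
            try:
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            except ValueError:
                continue     # not a valid address/netmask pair
            tag = classify(net)
            if tag:
                findings.append((line_no, tag, str(net), line.strip()))
    return findings

if __name__ == "__main__":
    for line_no, tag, net, line in audit(SAMPLE_CONFIG):
        print(f"{line_no:>3} {tag:<7} {net:<16} {line}")
```

Run against the full saved configuration, `OVERLAP` rows on crypto ACLs or twice-NAT rules mark remote networks that would collide with the widened inside subnet; `WIDEN` rows are the candidates for the 255.255.254.0 mask.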
