12-17-2015 06:34 AM - edited 03-12-2019 12:02 AM
Hi All, I am currently replacing a PIX firewall with an ASA 9.5(1).
I have configured the access rules but I am unsure on the best way of configuring PAT on the external interface, which is automatic on the PIX.
I have created a container containing our 2 aggregated IP address ranges which are a /19 and a /20 subnet but testing has been unsuccessful.
When testing external access rules I can only connect if I create an object for the individual PC I am using and NAT (PAT Hide) that to the external interface.
I have tried doing the same thing using a network object for the local subnet the PC is on but this has also proved unsuccessful.
I can create an access rule for a group of individual (nat/pat hide) PCs but I would prefer to use PAT.
Any help appreciated.
Pete
12-17-2015 07:54 AM
Hi Pete,
As per my understanding, you would like to translate the inside subnets to the outside interface IP so that you can send the traffic to the internet. Please correct me if my understanding of the issue is incorrect.
If you are looking to do a dynamic PAT then below is a sample configuration.
ASA1(config)# object network obj_192.168.13.0_outside
ASA1(config-network-object)# subnet 192.168.13.0 255.255.255.0
ASA1(config-network-object)# nat (inside,outside) dynamic interface
You can refer to the link below for more information:
https://supportforums.cisco.com/document/33921/asa-pre-83-83-nat-configuration-examples
Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts
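Added example, not part of either post above: a dynamic PAT rule covering a group of inside ranges rather than a single subnet object, written as manual (twice) NAT because that form accepts an object-group as the real source. The group name INSIDE_NETS and all addresses are constructed placeholders; the interface names inside and outside are taken from the sample in the reply.

```cisco
! Constructed addresses: 10.10.0.0/19 and 10.10.32.0/20 stand in for the
! two aggregated inside ranges. Substitute the real networks.
object-group network INSIDE_NETS
 network-object 10.10.0.0 255.255.224.0
 network-object 10.10.32.0 255.255.240.0
!
! Manual (twice) NAT: hide every member of the group behind the outside
! interface address. Object NAT, as in the reply above, is configured
! inside a single "object network" and so covers one host, subnet or range.
! "after-auto" places the rule in section 3, after object NAT rules, so
! more specific static translations are still matched first.
nat (inside,outside) after-auto source dynamic INSIDE_NETS interface
!
! Verification from privileged EXEC mode:
! rule order and hit counters
show nat detail
! active translations once traffic is flowing
show xlate
! simulate an outbound flow (constructed source and destination) and
! confirm the NAT phase matches the rule above and the result is ALLOW
packet-tracer input inside tcp 10.10.1.10 40000 198.51.100.10 443 detailed
```

On ASA 8.3 and later, interface access rules match the real (untranslated) addresses, so access rules carried over from a PIX that reference translated addresses need to be checked against the packet-tracer output as well.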