An easy question for the experienced Cisco Community.
I'm configuring an ASA5506 for a simple task. Yes, I know - it's old, but that's what I got right now.
I need to isolate an IoT-subnet inside my LAN and I figured that the best way to do it is to use an ASA. The IoT-subnet is 192.168.1.x/24, but I already have that subnet routed somewhere else in my LAN, so I want to use the ASA to NAT the 192.168.1.x/24 to another subnet that I can accept. I already tried to convince the provider of the IoT-devices to change the IPs of the IoT-devices to the subnet I can accept, but unfortunately it's too late.
MY LAN --- (outside) ASA5506 (inside) --- 10.150.128.0/24 seen from MY LAN (but really 192.168.1.x/24)
ex. So if I ping 10.150.128.5 from MY LAN, I actually get 192.168.1.5 and so forth.
How do I do this in CLI?
I found another discussion that is very similar to what I am trying to achieve. I'm a bit uncertain if it works. Right now I'm preconfiguring the ASA, before installing it at the location.
Can you see if I've done it right?
ip address 10.100.20.20 255.255.252.0
ip address 192.168.1.1 255.255.255.0
object network CTS-LAN
subnet 192.168.1.0 255.255.255.0
object network CTS-LAN-nat
subnet 10.150.128.0 255.255.255.0
nat (CTS-LAN,RK-LAN) source static CTS-LAN CTS-LAN-nat
route RK-LAN 0.0.0.0 0.0.0.0 10.100.1.1 1
RK-ASA-CTS# show xlate
2 in use, 2 most used
Flags: D - DNS, e - extended, I - identity, i - dynamic, r - portmap,
s - static, T - twice, N - net-to-net
NAT from CTS-LAN:192.168.1.0/24 to RK-LAN:10.150.128.0/24
flags sT idle 0:00:46 timeout 0:00:00
NAT from RK-LAN:0.0.0.0/0 to CTS-LAN:0.0.0.0/0
flags sIT idle 0:00:46 timeout 0:00:00
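As an added example (not part of the original post and not Cisco tooling), this Python script parses the `show xlate` text above and computes which real host a mapped address reaches under the net-to-net static rule, so the 10.150.128.5 to 192.168.1.5 expectation can be checked before the ASA is installed. The function names are hypothetical and the sample text is constructed from the output quoted in the post.

```python
import ipaddress
import re

# Constructed sample: the two entries from the `show xlate` output in the post.
SAMPLE_XLATE = """\
NAT from CTS-LAN:192.168.1.0/24 to RK-LAN:10.150.128.0/24
    flags sT idle 0:00:46 timeout 0:00:00
NAT from RK-LAN:0.0.0.0/0 to CTS-LAN:0.0.0.0/0
    flags sIT idle 0:00:46 timeout 0:00:00
"""

ENTRY = re.compile(
    r"NAT from (?P<rif>[\w-]+):(?P<real>[\d./]+) to (?P<mif>[\w-]+):(?P<mapped>[\d./]+)\s+"
    r"flags (?P<flags>\w+)"
)

def parse_xlate(text):
    """Return one dict per xlate entry found in `show xlate` text."""
    entries = []
    for m in ENTRY.finditer(text):
        entries.append({
            "real_if": m["rif"], "mapped_if": m["mif"],
            "real": ipaddress.ip_network(m["real"]),
            "mapped": ipaddress.ip_network(m["mapped"]),
            "identity": "I" in m["flags"],  # 'I' = identity per the flag legend
        })
    return entries

def find_rule(entries, real_if, mapped_if):
    """First non-identity translation between the two named interfaces."""
    for e in entries:
        if (e["real_if"], e["mapped_if"]) == (real_if, mapped_if) and not e["identity"]:
            return e
    return None

def translate(addr, src_net, dst_net):
    """Net-to-net static NAT keeps the host bits and swaps the prefix."""
    addr = ipaddress.ip_address(addr)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("net-to-net mapping needs equal prefix lengths")
    if addr not in src_net:
        raise ValueError(f"{addr} is not inside {src_net}")
    offset = int(addr) - int(src_net.network_address)
    return ipaddress.ip_address(int(dst_net.network_address) + offset)

if __name__ == "__main__":
    rule = find_rule(parse_xlate(SAMPLE_XLATE), "CTS-LAN", "RK-LAN")
    # Address pinged from the LAN side -> real IoT host behind the ASA
    print(translate("10.150.128.5", rule["mapped"], rule["real"]))
```

An address outside the mapped /24 raises `ValueError`, which is the case to watch for when a LAN host targets something the static rule does not cover.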