06-20-2011 12:12 AM - edited 03-11-2019 01:47 PM
hello
this is ASA5520 associate with 8.4(1). very simple scenario , three ports: inside . outside . DMZ
my problem is how to use network object NAT to perform Regular Dynamic PAT and Identity NAT.
for example, this is my configuration
**** first i configured Regular Dynamic PAT****
object network myinside
subnet 10.200.11.0 255.255.255.0
nat (inside,outside) dynamic interface
**** then , i met problem when i want to make identity NAT between inside and DMZ****
**** if i add below CLI , the first nat line will be replaced ****
**** SO IF I ADD THIS****
nat (inside,DMZ) static myinside
***** then only the new nat line binding with object "myside"****
***** if you show run nat , it will be*****
object network myinside
subnet 10.200.11.0 255.255.255.0
nat (inside,DMZ) static myinside
so anybody could advise where is my mistake ?
only one nat line could associate with one object ?
thanks for any advice!
Solved! Go to Solution.
06-20-2011 12:18 AM
Hi Chao,
In Version 8.4.1, for object-NAT, you would need to create separate objects for eacvh nAT statement, because each object can only be binded to a single nat statement. So yes you would need to create another object for the same network to be used for a different NAT statement. You would need to create another object myinside2 for the same 10.200.11.0 network.
Hope this helps.
Thanks,
Varun
06-20-2011 12:18 AM
Hi Chao,
In Version 8.4.1, for object-NAT, you would need to create separate objects for eacvh nAT statement, because each object can only be binded to a single nat statement. So yes you would need to create another object for the same network to be used for a different NAT statement. You would need to create another object myinside2 for the same 10.200.11.0 network.
Hope this helps.
Thanks,
Varun
06-20-2011 12:33 AM
thanks Varun , sounds make sense , let me try !
06-20-2011 01:26 AM
yes, you are right.
same subnet associate with different object name then it works.
thanks a lot
06-20-2011 01:29 AM
Hi Chao,
Glad that it resolved the issue for you.
Thanks,
Varun
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide