Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
689
Views
0
Helpful
2
Replies

manual Static NAT using Object Groups

Go to solution
ddebrova
Level 1
Level 1

‎02-08-2018 01:45 PM - edited ‎02-21-2020 07:19 AM

object-group network obj-Costumer
network-object host 100.100.220.10
network-object host 100.100.220.20
network-object host 100.100.220.25

 

object-group network obj-Internal
network-object host 10.2.2.10
network-object host 10.3.10.10
network-object host 192.168.10.10


nat (outside,inside) source static any any destination static obj-Customer obj-Internal unidirectional

 

Will this NAT work? If yes, will the mapping be 1st-1st, 2nd-2nd entry and so on?

Or should I just do single objects for every single IP?

 

Thank you in advance !

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
martvald
Cisco Employee
Cisco Employee

‎02-09-2018 07:06 AM - edited ‎02-09-2018 12:25 PM

Hello @ddebrova

 

It will be better to create 3 NATs for each one of them since you will a problem with the NAT if you do it that way, for example: 

 

If the traffic is originated first from 100.100.220.20 is not going to take 10.3.10.10 instead it the NAT will be created with 10.2.2.10 since is the first option in the object-group.

 

HTH

Martha

View solution in original post

0 Helpful
2 Replies 2

Go to solution
martvald
Cisco Employee
Cisco Employee

‎02-09-2018 07:06 AM - edited ‎02-09-2018 12:25 PM

Hello @ddebrova

 

It will be better to create 3 NATs for each one of them since you will a problem with the NAT if you do it that way, for example: 

 

If the traffic is originated first from 100.100.220.20 is not going to take 10.3.10.10 instead it the NAT will be created with 10.2.2.10 since is the first option in the object-group.

 

HTH

Martha

0 Helpful

Go to solution
ddebrova
Level 1
Level 1
In response to martvald

‎02-09-2018 07:22 AM

@martvald 

 

Thank you for your response.

I was under the impression that it maps 1-1,2-2 and so on no matter where traffic comes from first like:

100.100.220.10  nats to 10.2.2.10

100.100.220.20 nats to 10.3.10.10 

So , I will have to do individual mappings then.

Do you know any documentation explaining this NAT process in details. Haven't found anything clear so far.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card