Solved: manual Static NAT using Object Groups

ddebrova · ‎02-08-2018

object-group network obj-Costumer
network-object host 100.100.220.10
network-object host 100.100.220.20
network-object host 100.100.220.25

object-group network obj-Internal
network-object host 10.2.2.10
network-object host 10.3.10.10
network-object host 192.168.10.10

nat (outside,inside) source static any any destination static obj-Customer obj-Internal unidirectional

Will this NAT work? If yes, will the mapping be 1st-1st, 2nd-2nd entry and so on?

Or should I just do single objects for every single IP?

Thank you in advance !

martvald · ‎02-09-2018

Hello @ddebrova,

It will be better to create 3 NATs for each one of them since you will a problem with the NAT if you do it that way, for example:

If the traffic is originated first from 100.100.220.20 is not going to take 10.3.10.10 instead it the NAT will be created with 10.2.2.10 since is the first option in the object-group.

HTH

Martha

View solution in original post

martvald · ‎02-09-2018

Hello @ddebrova,

It will be better to create 3 NATs for each one of them since you will a problem with the NAT if you do it that way, for example:

If the traffic is originated first from 100.100.220.20 is not going to take 10.3.10.10 instead it the NAT will be created with 10.2.2.10 since is the first option in the object-group.

HTH

Martha

ddebrova · ‎02-09-2018

@martvald

Thank you for your response.

I was under the impression that it maps 1-1,2-2 and so on no matter where traffic comes from first like:

100.100.220.10 nats to 10.2.2.10

100.100.220.20 nats to 10.3.10.10

So , I will have to do individual mappings then.

Do you know any documentation explaining this NAT process in details. Haven't found anything clear so far.