Multiple Inside Translation to one Global Range

ty.masse · ‎07-08-2013

I need assistance with this configuration. In the pre 8.3 version of the ASA IOS, I could do this:

nat (inside) 1 10.1.1.0 255.255.255.0

nat (inside) 1 192.168.1.0 255.255.255.0

nat (inside) 1 172.16.1.0 255.255.255.0

Global (outside) 1 32.16.1.1 - 32.16.1.50

I can't seem to replicate a similar configuration in ASA 8.4. Can someone please help me with that?

thanks.

Jouni Forss · ‎07-08-2013

Hi,

I personally like to do the typical Dynamic NAT in this way

object-group network DEFAULT-NAT-SOURCE

network-object 10.1.1.0 255.255.255.0

network-object 192.168.1.0 255.255.255.0

network-object 172.16.1.0 255.255.255.0

object network NAT-POOL

range 32.16.1.1 32.16.1.50

nat (inside,outside) after-auto source dynamic DEFAULT-NAT-SOURCE NAT-POOL

Or you can change the NAT configuration format a bit and change it to

nat (any,outside) after-auto source dynamic DEFAULT-NAT-SOURCE NAT-POOL

The only difference with the 2 above "nat" commands is that the other works only for network behind "inside" interface. The other one could be used for "any" interface on the ASA. So if you have multiple networks you wanted to add to the NAT configuration then you would simply add them to the "object-group" we used. The names of the objects can naturally be anything you like.

Hope this helps

Please do remember to mark the reply as the correct answer if it answered your question.

- Jouni

Jouni Forss · ‎07-08-2013

Also,

You can always check out a NAT 8.3+ document I made on the forums. It has some basic information about the new NAT format.

https://supportforums.cisco.com/docs/DOC-31116

Though naturally feel free to ask questions here if you have something other configurations you havent been able to migrate to the new format.

Hope this helps

- Jouni