Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1930
Views
1
Helpful
2
Replies

Multiple VLAN's Dynamic NAT ASA 5520 8.4(5)

Go to solution
AQUALUNGAMERICA
Level 1
Level 1

‎08-06-2013 12:04 PM - edited ‎03-11-2019 07:22 PM

I have created three Vlan's on one of my physical interfaces

interface GigabitEthernet0/3

no nameif

no security-level

no ip address

interface GigabitEthernet0/3.1

vlan 10

nameif guestwireless

security-level 1

ip address 10.7.1.1 255.255.255.0

interface GigabitEthernet0/3.2

vlan 20

nameif aqawireless

security-level 100

ip address 10.8.1.1. 255.255.255.0

interface GigabitEthernet0/3.3

vlan 30

nameif WLCManagement

security-level 100

ip address 10.13.1.1 255.255.255.0

I want to have them all use the outside interface would I need three statements: here are my commands:

# object network guestwireless

# subnet 10.7.1.1 255.255.255.0

# nat (guestwireless,outside) interface dynamic

# object network aqawireless

# subnet 10.8.1.1 255.255.255.0

# nat (aqawireless,outside) interface dynamic

# object network WLCManagement

# subnet 10.13.1.1 255.255.255.0

# nat (WLCManagement,outside) interface dynamic

Thank you

Carlos

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎08-06-2013 01:04 PM

Hi,

There are some minor errors in the format you used. Mainly in that you should use the network address in the "subnet" command and the parameters "dynamic" and "interface" are the wrong way around.

object network guestwireless

subnet 10.7.1.0 255.255.255.0

nat (guestwireless,outside) dynamic interface

object network aqawireless

subnet 10.8.1.0 255.255.255.0

nat (aqawireless,outside) dynamic interface

object network WLCManagement

subnet 10.13.1.0 255.255.255.0

nat (WLCManagement,outside) dynamic interface

You also have another option like this

object-group network WIRELESS-PAT-SOURCE

network-object 10.7.1.0 255.255.255.0

network-object 10.8.1.0 255.255.255.0

network-object 10.13.1.0 255.255.255.0

nat (any,outside) after-auto source dynamic WIRELESS-PAT-SOURCE interface

The "object-group" we created holds the source network/addresses for which we want to do Dynamic PAT for. We also define the source interface as "any" so the Dynamic PAT applies to all the 3 mentioned interfaces.

Hope this helps

Please do remember to mark a reply as the correct answer if it answered your question.

Feel free to ask more if needed

- Jouni

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎08-06-2013 01:04 PM

Hi,

There are some minor errors in the format you used. Mainly in that you should use the network address in the "subnet" command and the parameters "dynamic" and "interface" are the wrong way around.

object network guestwireless

subnet 10.7.1.0 255.255.255.0

nat (guestwireless,outside) dynamic interface

object network aqawireless

subnet 10.8.1.0 255.255.255.0

nat (aqawireless,outside) dynamic interface

object network WLCManagement

subnet 10.13.1.0 255.255.255.0

nat (WLCManagement,outside) dynamic interface

You also have another option like this

object-group network WIRELESS-PAT-SOURCE

network-object 10.7.1.0 255.255.255.0

network-object 10.8.1.0 255.255.255.0

network-object 10.13.1.0 255.255.255.0

nat (any,outside) after-auto source dynamic WIRELESS-PAT-SOURCE interface

The "object-group" we created holds the source network/addresses for which we want to do Dynamic PAT for. We also define the source interface as "any" so the Dynamic PAT applies to all the 3 mentioned interfaces.

Hope this helps

Please do remember to mark a reply as the correct answer if it answered your question.

Feel free to ask more if needed

- Jouni

0 Helpful

Go to solution
AQUALUNGAMERICA
Level 1
Level 1
In response to Jouni Forss

‎08-06-2013 02:00 PM

Jouni,

        Appreciate the help and the lesson.

Thank you

Carlos

I marked the response as correct answer.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card