cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

518
Views
0
Helpful
3
Replies
Highlighted
Beginner

NAT ASA 8.4+

Greetings,

I'm reading through the 8.4 guide NAT configurations explanations and examples. I stumbled on the following example.

The following example configures dynamic NAT that hides 192.168.2.0 network behind a range of

outside addresses 10.2.2.1 through 10.2.2.10:

hostname(config)# object network my-range-obj

hostname(config-network-object)# range 10.2.2.1 10.2.2.10

hostname(config)# object network my-inside-net

hostname(config-network-object)# subnet 192.168.2.0 255.255.255.0

hostname(config-network-object)# nat (inside,outside) dynamic my-range-obj

This example confused me because Im looking for the line that ties everything together. How does the last line know to to NAT the inside range if it is not defined in the configuration? Is there a missing configuration that needs to be added?

hostname(config-network-object)# nat (inside,outside) dynamic my-range-obj

Thanks in advance for the help.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Hi,

The object: my-inside-net which is the 192.168.2.0/24 has a NAT statement to translate to the object: my-range-obj which is the range: 10.2.2.1 through 10.2.2.10

So, you have the two above objects defined in the configuration, and under the ''local'' or ''subnet'' object, exists the NAT rule to translate it to the range specified with the other object.

Hope it helps.


Federico.

View solution in original post

3 REPLIES 3
Highlighted

Hi,

The object: my-inside-net which is the 192.168.2.0/24 has a NAT statement to translate to the object: my-range-obj which is the range: 10.2.2.1 through 10.2.2.10

So, you have the two above objects defined in the configuration, and under the ''local'' or ''subnet'' object, exists the NAT rule to translate it to the range specified with the other object.

Hope it helps.


Federico.

View solution in original post

Highlighted

Hi Federico,

Thanks for the clarification. Now I realise where i got confused. The NAT statement is inside the Object-group sub commands.

Highlighted

Glad I could help :-)

Federico.

Content for Community-Ad