cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
854
Views
0
Helpful
3
Replies

NAT ASA 8.4+

merryllem
Level 1
Level 1

Greetings,

I'm reading through the 8.4 guide NAT configurations explanations and examples. I stumbled on the following example.

The following example configures dynamic NAT that hides 192.168.2.0 network behind a range of

outside addresses 10.2.2.1 through 10.2.2.10:

hostname(config)# object network my-range-obj

hostname(config-network-object)# range 10.2.2.1 10.2.2.10

hostname(config)# object network my-inside-net

hostname(config-network-object)# subnet 192.168.2.0 255.255.255.0

hostname(config-network-object)# nat (inside,outside) dynamic my-range-obj

This example confused me because Im looking for the line that ties everything together. How does the last line know to to NAT the inside range if it is not defined in the configuration? Is there a missing configuration that needs to be added?

hostname(config-network-object)# nat (inside,outside) dynamic my-range-obj

Thanks in advance for the help.

1 Accepted Solution

Accepted Solutions

Hi,

The object: my-inside-net which is the 192.168.2.0/24 has a NAT statement to translate to the object: my-range-obj which is the range: 10.2.2.1 through 10.2.2.10

So, you have the two above objects defined in the configuration, and under the ''local'' or ''subnet'' object, exists the NAT rule to translate it to the range specified with the other object.

Hope it helps.


Federico.

View solution in original post

3 Replies 3

Hi,

The object: my-inside-net which is the 192.168.2.0/24 has a NAT statement to translate to the object: my-range-obj which is the range: 10.2.2.1 through 10.2.2.10

So, you have the two above objects defined in the configuration, and under the ''local'' or ''subnet'' object, exists the NAT rule to translate it to the range specified with the other object.

Hope it helps.


Federico.

Hi Federico,

Thanks for the clarification. Now I realise where i got confused. The NAT statement is inside the Object-group sub commands.

Glad I could help :-)

Federico.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: