Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1896
Views
20
Helpful
6
Replies

NAT on a Stick to and ASA

Go to solution
vivarock12
Level 1
Level 1

‎06-12-2020 03:36 PM

is it posible to translate a Nat on a STICK to an ASA?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
vivarock12
Level 1
Level 1

‎06-23-2020 08:49 AM

not sure about nat on stick but i end up doing the following:

auto
!
object network NOC
subnet 10.241.120.0 255.255.255.0
nat (inside,Client_wan) dynamic 10.10.30.15
!


manual
object network NOC
subnet 10.241.120.0 255.255.255.0
!
object network NAT-IP
host 10.10.30.15
!
nat(inside,Client_wan) source dynamic NOC NAT-IP
!

 

it work in both cases.

View solution in original post

6 Replies 6

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎06-13-2020 03:09 AM

I do not see any issue of deployment method, do you have any failures to deploy?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Marius Gunnerud
VIP
VIP

‎06-13-2020 07:08 AM

This is possible so long as you have the command same-security permit intra-interface command configured.  Most commonly, in my experience, this is done for RA VPN users that use a tunnel all configuration and require internet access.

Is there a specific scenario you are having issues with?  If yes, please provide a more detailed description of the issue so we can help you further.

--
Please remember to select a correct answer and rate helpful posts

Go to solution
vivarock12
Level 1
Level 1
In response to Marius Gunnerud

‎06-14-2020 07:04 AM

Well in this case is for reaching a service.

 

so what i want to do is the folowing in the outside-mpls interface i have the ip adress 10.10.10.2/30,

but the trafic i need to NAT(10.241.120.0/23) is not to that ip address, i need to NAT to one ip address of 10.10.30.13/32(example). 

because the other side router only knows the 10.10.30.0/24.

so can this be done?

 

                                                 10.10.10.0/30               172.16.3.0/30

10.10.30.1/29[Core]----[ASA]-.2----------.1-[ISP]-.1-----------.2-[Client]--[Lan X]

                        |

10.241.120.0/23

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to vivarock12

‎06-14-2020 10:22 AM

Does the ASA have an interface in the 10.10.30.0/24 network? 

Where is the source traffic coming from (source IP)? 

So, if I understand correctly, you want to use an IP in the 10.10.10.0/30 as the destination for an IP in the 10.10.30.0/24 network?  If this is the case, this is possible.  Just make sure that the destination network knows how to route back to the source network.

--
Please remember to select a correct answer and rate helpful posts

Go to solution
vivarock12
Level 1
Level 1
In response to Marius Gunnerud

‎06-14-2020 09:43 PM

Does the ASA have an interface in the 10.10.30.0/24 network?

no, the asa haves a l3 conection to the core, the core has the 10.10.30.x/30, for some reason on the other side they alow the 10.10.30/24.so i have to nat to some op of this segment.

 

so it is posible besides the fact that the asa does not have that ip directly connected?

and if is posible coud you share and example.

 

and thank by le way.

0 Helpful

Go to solution
vivarock12
Level 1
Level 1

‎06-23-2020 08:49 AM

not sure about nat on stick but i end up doing the following:

auto
!
object network NOC
subnet 10.241.120.0 255.255.255.0
nat (inside,Client_wan) dynamic 10.10.30.15
!


manual
object network NOC
subnet 10.241.120.0 255.255.255.0
!
object network NAT-IP
host 10.10.30.15
!
nat(inside,Client_wan) source dynamic NOC NAT-IP
!

 

it work in both cases.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card