Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
799
Views
0
Helpful
4
Replies

NAT on ASA 8.4 (x)

gavin han
Level 1
Level 1

‎10-11-2012 05:34 PM - edited ‎03-11-2019 05:08 PM

Hi,

I've to do NAT/PAT on ASA 5540 that's running 8.4 (x) verision. We have two interfaces, INSIDE and OUTSIDE.

we want to NAT/PAT any traffic coming into INSIDE and going out from OUTSIDE interface and that traffic should be NAT'ed/PAT'ed to 10.10.1.0/30.

How do I do that?

please advise. I'm not much familiar with the new NAT/PAT mathodology that's changed in this newer code. how do we do it with object group?

please advise about a good link for NAT/PAT for ASA as well.

Thanks in advance.

Labels:
0 Helpful
4 Replies 4

Jennifer Halim
Cisco Employee
Cisco Employee

‎10-11-2012 07:37 PM

here is the configuration guide on configuring NAT/PAT on ASA version 8.3 and higher:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b7c91b.shtml

Hope that helps.

0 Helpful

nkarthikeyan
Level 7
Level 7

‎10-11-2012 07:41 PM

Hi Gavin,

In 8.4x version you can do the required NAT like the below. I assume your inside segment subnet is 10.0.0.0/24 to be PAT'ed to range of IP's 10.10.1.1-3.

object network obj-10.0.0.0

   subnet 10.0.0.0 255.255.255.0

   nat (inside,outisde) dynamic obj-10.10.1.1-10.10.1.3

object network obj-10.10.1.1-10.10.1.3

   range 10.10.1.1 10.10.1.3

The below document describes a good examples of Pre and Post vresion NAT changes.

https://supportforums.cisco.com/docs/DOC-9129

Hope this helps.

Please do rate if the given information helps.

By

Karthik

0 Helpful

gavin han
Level 1
Level 1
In response to nkarthikeyan

‎10-11-2012 07:56 PM

Hi Karthik,

where did you reference object obj-10.0.0.0? I don't see it in your statement does that mean we don't have to mention it in the NAT?

0 Helpful

nkarthikeyan
Level 7
Level 7
In response to gavin han

‎10-11-2012 08:10 PM

Hi Gavin,

Yes its not required. Bcoz you are defining NAT rules in that object group for 10.0.0.0. So it is not required to mention here in NAT statement. So the pat should work. The below example is just almost the same as your requirement... here adfditionally we are NAT/PAT the DMZ as well.... In your case you are using a range of IP Address. Even you can use the Subnet itself.

Regular Dynamic PAT

nat (inside) 1   192.168.1.0 255.255.255.0
nat (dmz) 1 10.1.1.0 255.255.255.0
global (outside) 1
192.168.100.100

object network obj-192.168.1.0
    subnet 192.168.1.0 255.255.255.0
    nat (inside,outside) dynamic 192.168.100.100
object network obj-10.1.1.0
    subnet 10.1.1.0 255.255.255.0
    nat (dmz,outside) dynamic 192.168.100.100

Hope this helps.

Please do rate if the given information helps.

By

Karthik

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card