cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

385
Views
0
Helpful
5
Replies
john.wright
Participant

NATing 8.2.5 to 9.8.1

Anybody know how I would turn this IOS 8.2.5 nat statement into a IOS 9.8.1 nat statement? 

static (DMZ-ADT,outside) udp ADT-Remote-Access 20000 192.168.13.3 20000 netmask 255.255.255.255

5 REPLIES 5
Bogdan Nita
Rising star

It should be:

object network ADT-Remote-Access
 host x.x.x.x
 nat (DMZ-ADT,outside) static 192.168.13.3 service tcp 20000 20000

Thank you for the reply to my question.

However, I should have provide more detail.

Here is what we actually have the 5510 with ios 8.2.5
static (DMZ-ADT,outside) udp ADT-Remote-Access 20000 192.168.13.3 20000 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 20001 192.168.13.4 20001 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 20002 192.168.13.5 20002 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 20003 192.168.13.6 20003 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 8200 192.168.13.2 8200 netmask 255.255.255.255
static (DMZ-ADT,outside) tcp ADT-Remote-Access 8200 192.168.13.2 8200 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 8016 192.168.13.2 8016 netmask 255.255.255.255
static (DMZ-ADT,outside) tcp ADT-Remote-Access 8016 192.168.13.2 8016 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 12088 192.168.13.2 12088 netmask 255.255.255.255
static (DMZ-ADT,outside) tcp ADT-Remote-Access 12088 192.168.13.2 12088 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 10019 192.168.13.2 10019 netmask 255.255.255.255
static (DMZ-ADT,outside) tcp ADT-Remote-Access 10019 192.168.13.2 10019 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 18802 192.168.13.7 18802 netmask 255.255.255.255
static (DMZ-ADT,outside) tcp ADT-Remote-Access 18802 192.168.13.7 18802 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 18810 192.168.13.7 18810 netmask 255.255.255.255
static (DMZ-ADT,outside) tcp ADT-Remote-Access 18810 192.168.13.7 18810 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 18803 192.168.13.7 18803 netmask 255.255.255.255
static (DMZ-ADT,outside) tcp ADT-Remote-Access 18803 192.168.13.7 18803 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 18801 192.168.13.7 18801 netmask 255.255.255.255
static (DMZ-ADT,outside) tcp ADT-Remote-Access 18801 192.168.13.7 18801 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 18001 192.168.13.7 18001 netmask 255.255.255.255
static (DMZ-ADT,outside) tcp ADT-Remote-Access 18001 192.168.13.7 18001 netmask 255.255.255.255



when I try to add the second rule I get this warning:

OH5FW50(config-network-object)# nat (DMZ-ADT,outside) static 192.168.13.3 serv$

OH5FW50(config-network-object)# exit

OH5FW50(config)# object network ADT-Remote-Access

OH5FW50(config-network-object)# host 192.168.13.4

WARNING: mapped-address 192.168.13.3/20000 overlaps with existing static NAT in Section 2, rule 1.



What am I to do now?

Thanks for help

I believe you are receiving the error because you are changing the IP inside the object that has a NAT statement. In order to make it work you will need different names for the ADT-Remote-Access object, something like this:

object network ADT-Remote-Access-x
host x.x.x.x
nat (DMZ-ADT,outside) static 192.168.13.3 service tcp 20000 20000
!
object network ADT-Remote-Access-y
host y.y.y.y
nat (DMZ-ADT,outside) static 192.168.13.4 service tcp 20001 20001

Thank you for the response.

Do I also need to create an outside object host for each instance of ADT-Remote-Access-x,y,z ...



Here is the original from 5510 ios 8.2.5.

name a.b.c.d ADT-Remote-Access description Outside address for ADT remote access

object network ADT-Remote-Access_x

host a.b.c.d ==> same outside addr as the one below.



object network ADT-Remote-Access_y

host a.b.c.d




Yes, you need to configure an object every time you use a NAT statement under it in this case.

Sorry I confused the IPs on my example, here my example corrected:

object network ADT-Remote-Access-x
host a.b.c.d
nat (DMZ-ADT,outside) static 192.168.13.3 service tcp 20000 20000
!
object network ADT-Remote-Access-y
host a.b.c.d
nat (DMZ-ADT,outside) static 192.168.13.4 service tcp 20001 20001

Content for Community-Ad