cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
664
Views
0
Helpful
5
Replies

NATing 8.2.5 to 9.8.1

john.wright
Level 3
Level 3

Anybody know how I would turn this IOS 8.2.5 nat statement into a IOS 9.8.1 nat statement? 

static (DMZ-ADT,outside) udp ADT-Remote-Access 20000 192.168.13.3 20000 netmask 255.255.255.255

5 Replies 5

Bogdan Nita
VIP Alumni
VIP Alumni

It should be:

object network ADT-Remote-Access
 host x.x.x.x
 nat (DMZ-ADT,outside) static 192.168.13.3 service tcp 20000 20000

Thank you for the reply to my question.

However, I should have provide more detail.

Here is what we actually have the 5510 with ios 8.2.5
static (DMZ-ADT,outside) udp ADT-Remote-Access 20000 192.168.13.3 20000 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 20001 192.168.13.4 20001 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 20002 192.168.13.5 20002 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 20003 192.168.13.6 20003 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 8200 192.168.13.2 8200 netmask 255.255.255.255
static (DMZ-ADT,outside) tcp ADT-Remote-Access 8200 192.168.13.2 8200 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 8016 192.168.13.2 8016 netmask 255.255.255.255
static (DMZ-ADT,outside) tcp ADT-Remote-Access 8016 192.168.13.2 8016 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 12088 192.168.13.2 12088 netmask 255.255.255.255
static (DMZ-ADT,outside) tcp ADT-Remote-Access 12088 192.168.13.2 12088 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 10019 192.168.13.2 10019 netmask 255.255.255.255
static (DMZ-ADT,outside) tcp ADT-Remote-Access 10019 192.168.13.2 10019 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 18802 192.168.13.7 18802 netmask 255.255.255.255
static (DMZ-ADT,outside) tcp ADT-Remote-Access 18802 192.168.13.7 18802 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 18810 192.168.13.7 18810 netmask 255.255.255.255
static (DMZ-ADT,outside) tcp ADT-Remote-Access 18810 192.168.13.7 18810 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 18803 192.168.13.7 18803 netmask 255.255.255.255
static (DMZ-ADT,outside) tcp ADT-Remote-Access 18803 192.168.13.7 18803 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 18801 192.168.13.7 18801 netmask 255.255.255.255
static (DMZ-ADT,outside) tcp ADT-Remote-Access 18801 192.168.13.7 18801 netmask 255.255.255.255
static (DMZ-ADT,outside) udp ADT-Remote-Access 18001 192.168.13.7 18001 netmask 255.255.255.255
static (DMZ-ADT,outside) tcp ADT-Remote-Access 18001 192.168.13.7 18001 netmask 255.255.255.255



when I try to add the second rule I get this warning:

OH5FW50(config-network-object)# nat (DMZ-ADT,outside) static 192.168.13.3 serv$

OH5FW50(config-network-object)# exit

OH5FW50(config)# object network ADT-Remote-Access

OH5FW50(config-network-object)# host 192.168.13.4

WARNING: mapped-address 192.168.13.3/20000 overlaps with existing static NAT in Section 2, rule 1.



What am I to do now?

Thanks for help

I believe you are receiving the error because you are changing the IP inside the object that has a NAT statement. In order to make it work you will need different names for the ADT-Remote-Access object, something like this:

object network ADT-Remote-Access-x
host x.x.x.x
nat (DMZ-ADT,outside) static 192.168.13.3 service tcp 20000 20000
!
object network ADT-Remote-Access-y
host y.y.y.y
nat (DMZ-ADT,outside) static 192.168.13.4 service tcp 20001 20001

Thank you for the response.

Do I also need to create an outside object host for each instance of ADT-Remote-Access-x,y,z ...



Here is the original from 5510 ios 8.2.5.

name a.b.c.d ADT-Remote-Access description Outside address for ADT remote access

object network ADT-Remote-Access_x

host a.b.c.d ==> same outside addr as the one below.



object network ADT-Remote-Access_y

host a.b.c.d




Yes, you need to configure an object every time you use a NAT statement under it in this case.

Sorry I confused the IPs on my example, here my example corrected:

object network ADT-Remote-Access-x
host a.b.c.d
nat (DMZ-ADT,outside) static 192.168.13.3 service tcp 20000 20000
!
object network ADT-Remote-Access-y
host a.b.c.d
nat (DMZ-ADT,outside) static 192.168.13.4 service tcp 20001 20001

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: