09-26-2011 09:19 AM - edited 03-11-2019 02:30 PM
nat (inside) 0 access-list no-nat
nat (management) 0 access-list no-nat
nat (dmz3) 0 access-list no-nat
nat (dmz3) 1 192.168.50.0 255.255.255.128
nat (dmz3) 1 172.16.0.0 255.255.252.0
nat (dmz3) 1 172.16.4.0 255.255.252.0
nat (dmz1) 0 access-list no-nat
nat (dmz1) 1 172.16.36.0 255.255.255.0
nat (dmz1) 1 192.178.36.0 255.255.255.0
global (outside) 1 192.138.x.x
access-list no-nat extended permit ip any 172.16.4.0 255.255.252.0
access-list no-nat extended permit ip any 172.16.0.0 255.255.252.0
access-list no-nat extended permit ip any 192.168.50.0 255.255.255.128
access-list no-nat extended permit ip any 192.178.36.0 255.255.255.0
access-list no-nat extended permit ip any 172.17.36.0 255.255.255.0
1) We currently have natting configured in the above sequence on a version 8.0 firewall. We have multiple inside ranges, and for that reason we can't configure NAT0 one to one for each subnet. I need your help to understand how we can configure this kind of natting in version 8.4.
2) Please also confirm for which IP address we need to allow the inbound access-list for static NAT with version 8.4.
Thanks in advance.
09-26-2011 09:56 AM
Hi Rajesh,
Your NAT exempt would be this in 8.4:
object-group network No_Nat
network-object 172.16.4.0 255.255.252.0
network-object 172.16.0.0 255.255.252.0
network-object 192.168.50.0 255.255.255.128
network-object 192.178.36.0 255.255.255.0
network-object 172.17.36.0 255.255.255.0
nat (inside,any) source static any any destination static No_Nat No_Nat
nat (dmz1,any) source static any any destination static No_Nat No_Nat
nat (dmz3,any) source static any any destination static No_Nat No_Nat
nat (management,any) source static any any destination static No_Nat No_Nat
For more info you can refer to this doc as well.
Thanks,
Varun
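The translation in the answer above, generalized as an added example (not part of the original thread and not a Cisco tool): it reads 8.0-style `nat (ifc) 0 access-list` exemptions and emits the 8.4 object-group plus `nat (ifc,any)` form, listing any ACL entry that is not a plain `permit ip any <net> <mask>` for manual review. The `group_names` mapping and the default group naming are assumptions.

```python
import re

# Constructed sample: the 8.0 NAT-exempt lines from the question, plus one
# dynamic NAT line that the converter must leave alone.
OLD_CONFIG = """\
nat (inside) 0 access-list no-nat
nat (management) 0 access-list no-nat
nat (dmz3) 0 access-list no-nat
nat (dmz3) 1 192.168.50.0 255.255.255.128
nat (dmz1) 0 access-list no-nat
access-list no-nat extended permit ip any 172.16.4.0 255.255.252.0
access-list no-nat extended permit ip any 172.16.0.0 255.255.252.0
access-list no-nat extended permit ip any 192.168.50.0 255.255.255.128
access-list no-nat extended permit ip any 192.178.36.0 255.255.255.0
access-list no-nat extended permit ip any 172.17.36.0 255.255.255.0
"""

NAT0 = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")
ACE = re.compile(r"^access-list (\S+) extended (.+)$")
ANY_TO_NET = re.compile(r"^permit ip any (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3})$")


def convert_nat_exempt(config, group_names=None):
    """Return (new_8_4_lines, entries_needing_manual_review)."""
    group_names = group_names or {}   # hypothetical ACL-name -> object-group-name map
    exempt, aces = [], {}
    for line in map(str.strip, config.splitlines()):
        if m := NAT0.match(line):
            exempt.append((m.group(1), m.group(2)))          # (interface, ACL)
        elif m := ACE.match(line):
            aces.setdefault(m.group(1), []).append(m.group(2))
    out, review = [], []
    for acl in dict.fromkeys(a for _, a in exempt):          # each ACL once, in order
        group = group_names.get(acl, acl.replace("-", "_"))
        nets = []
        for tail in aces.get(acl, []):
            if m := ANY_TO_NET.match(tail):
                nets.append(f" network-object {m.group(1)} {m.group(2)}")
            else:  # deny, specific source, ports: not expressible as 'any -> group'
                review.append(f"access-list {acl} extended {tail}")
        if not nets:
            review.append(f"no convertible entries for access-list {acl}")
            continue
        out += [f"object-group network {group}", *nets]
        out += [f"nat ({ifc},any) source static any any destination static {group} {group}"
                for ifc, a in exempt if a == acl]
    return out, review


if __name__ == "__main__":
    lines, todo = convert_nat_exempt(OLD_CONFIG, {"no-nat": "No_Nat"})
    print("\n".join(lines + ["! manual review:"] + todo))
```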
09-26-2011 12:12 PM
Thanks for your reply, Varun.
I have a small question for you.
If I upgrade my firewall from version 8.0 to 8.4:
1 - Will this be supported directly?
2 - If yes, do I need to apply the access-list with the private IP address, or will it automatically change the configuration?