Natting query

r.kumar19841
Level 1

nat (inside) 0 access-list no-nat
nat (management) 0 access-list no-nat
nat (dmz3) 0 access-list no-nat
nat (dmz3) 1 192.168.50.0 255.255.255.128
nat (dmz3) 1 172.16.0.0 255.255.252.0
nat (dmz3) 1 172.16.4.0 255.255.252.0
nat (dmz1) 0 access-list no-nat
nat (dmz1) 1 172.16.36.0 255.255.255.0
nat (dmz1) 1 192.178.36.0 255.255.255.0
global (outside) 1 192.138.x.x

access-list no-nat extended permit ip any 172.16.4.0 255.255.252.0
access-list no-nat extended permit ip any 172.16.0.0 255.255.252.0
access-list no-nat extended permit ip any 192.168.50.0 255.255.255.128
access-list no-nat extended permit ip any 192.178.36.0 255.255.255.0
access-list no-nat extended permit ip any 172.17.36.0 255.255.255.0

1) We currently have natting configured in the above sequence on an 8.0 version Firewall. We have multiple inside ranges, and for that reason we can't configure NAT0 one to one for each subnet. I need your help to understand how we can configure this kind of natting in version 8.4.

2) Please also confirm for which IP address we need to allow the inbound access-list for static nat with version 8.4.

Thanks in advance.

Accepted Solutions

varrao
Level 10

Hi Rajesh,

Your nat exempt would be this in 8.4:

object-group network No_Nat
 network-object 172.16.4.0 255.255.252.0
 network-object 172.16.0.0 255.255.252.0
 network-object 192.168.50.0 255.255.255.128
 network-object 192.178.36.0 255.255.255.0
 network-object 172.17.36.0 255.255.255.0

nat (inside,any) source static any any destination static No_Nat No_Nat
nat (dmz1,any) source static any any destination static No_Nat No_Nat
nat (dmz3,any) source static any any destination static No_Nat No_Nat
nat (management,any) source static any any destination static No_Nat No_Nat

For more info you can refer to this doc as well.

Thanks,

Varun

Thanks,
Varun Rao
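
The conversion shown in the answer above, written as a script (an added example, not part of the original thread and not a Cisco tool). It handles only exemption ACL entries of the form `permit ip any <network> <mask>` and returns every other line for manual review instead of guessing; the function name, the object-group naming (hyphens replaced with underscores) and the constructed `host 10.9.9.9` entry are assumptions.

```python
import ipaddress
import re

# Constructed sample in the form posted in the question; the "host" entry is invented
OLD_CONFIG = """\
nat (inside) 0 access-list no-nat
nat (dmz3) 0 access-list no-nat
nat (dmz3) 1 192.168.50.0 255.255.255.128
global (outside) 1 192.138.x.x
access-list no-nat extended permit ip any 172.16.4.0 255.255.252.0
access-list no-nat extended permit ip any 192.168.50.0 255.255.255.128
access-list no-nat extended permit ip host 10.9.9.9 172.17.36.0 255.255.255.0
"""

NAT0 = re.compile(r"nat \((\S+)\) 0 access-list (\S+)$")
ACE = re.compile(r"access-list (\S+) extended permit ip any (\S+) (\S+)$")

def convert(config):
    """Return (new_lines, unconverted_lines) for 'nat 0 access-list' exemptions."""
    exempt, dests, unconverted = [], {}, []
    for line in filter(None, (l.strip() for l in config.splitlines())):
        if m := NAT0.match(line):
            exempt.append(m.groups())            # (interface, acl name)
        elif m := ACE.match(line):
            acl, net, mask = m.groups()
            try:
                ipaddress.ip_network(f"{net}/{mask}")  # rejects bad masks, host bits
                dests.setdefault(acl, []).append((net, mask))
            except ValueError:
                unconverted.append(line)
        else:
            unconverted.append(line)             # dynamic NAT, global, non-"any" ACEs
    out = []
    for acl in dict.fromkeys(a for _, a in exempt):
        if acl not in dests:
            raise ValueError(f"ACL {acl} has no entries this script can convert")
        group = acl.replace("-", "_")            # naming choice is an assumption
        out.append(f"object-group network {group}")
        out += [f" network-object {n} {m}" for n, m in dests[acl]]
    for iface, acl in exempt:
        group = acl.replace("-", "_")
        out.append(f"nat ({iface},any) source static any any destination static {group} {group}")
    return out, unconverted

if __name__ == "__main__":
    new, left = convert(OLD_CONFIG)
    print("\n".join(new))
    print("! review by hand:", *left, sep="\n! ")
```

Review the unconverted list before applying anything: an exemption entry with a specific source would be widened to `any` if it were forced into this template.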

Thanks for your reply Varun...

Have a small question for you..

If I upgrade my Firewall from version 8.0 to 8.4..

1 - will this support directly

2 - If yes, do I need to apply the access-list with the Private IP Address, or will it automatically change the configuration?
