02-09-2016 04:13 PM - edited 03-12-2019 12:15 AM
Hi,
Looking for a way to avoid using separate objects that are already in an object-group for dynamic nat outbound via interface.
object network one
subnet 10.0.0.0 255.0.0.0
object network two
subnet 172.16.0.0 255.240.0.0
object-group network one-two
network-object object one
network-object object two
! don't want this
object network one
nat (inside,outside) dynamic interface
object network two
nat (inside,outside) dynamic interface
! want this but it does not parse
object-group network one-two
nat (inside,outside) dynamic interface
Solved! Go to Solution.
02-09-2016 06:04 PM
Hi lcaruso,
You can use nat statements only under objects and not the object-group.
However, you could use this command in global configuration:
nat (inside,outside) sourc dynamic one-two interface
where you are referencing "one-two" object-group.
Here is a document for your reference:-
https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
02-09-2016 06:04 PM
Hi lcaruso,
You can use nat statements only under objects and not the object-group.
However, you could use this command in global configuration:
nat (inside,outside) sourc dynamic one-two interface
where you are referencing "one-two" object-group.
Here is a document for your reference:-
https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide