Object-NAT question

Cisco Freak · ‎01-28-2017

Hi Experts,

I was trying to learn object-nat in ASA. I tried this NAT configuration, but it's not working.

I have defined these objects for testing:

object network 1.1.1.0_252
subnet 1.1.1.0 255.255.255.252

object network 12.1.1.96_252
subnet 12.1.1.96 255.255.255.252

I have added this NAT config after defining objects:

ciscoasa(config)# object network 1.1.1.0_252

ciscoasa(config-network-object)# nat (inside,outside) static 12.1.1.96_252

The command got accepted by the ASA, but when I check the ASA configuration, it doesn't show any NAT config.

ciscoasa(config-network-object)# sh run nat
ciscoasa(config-network-object)#

Can you please explain why this is not working with object-nat? I know I can add it in manual section. But I am curious to know why object-nat is not working.

ciscoasa(config)# nat (inside,outside) source static 1.1.1.0_252 12.1.1.96_252
ciscoasa(config)# sh run nat
nat (inside,outside) source static 1.1.1.0_252 12.1.1.96_252

CF

choiky001 · ‎01-28-2017

1. packets captured

-> show cap capin

-> show cap capout

ex :

asa#packet-tracer input outside tcp 209.165.200.225 1234 10.2.3.2 80

-> Check nat packets.

2. show nat detail

-> translate_hits . count chek.

3.http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/116388-technote-nat-00.html

Cisco Freak · ‎01-29-2017

I question is why the configuration is not even showing in the running configuration.

Running config output:

ciscoasa(config-network-object)# sh run nat
ciscoasa(config-network-object)#