Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
291
Views
0
Helpful
4
Replies

Object network nonat

Go to solution
richard.schultz1
Level 1
Level 1

‎06-19-2015 06:25 AM - edited ‎03-11-2019 11:09 PM

Good morning all (or evening, however)

 

I have a question!

 

I am looking to create a nonat object that contains an object-group. Is this possible?

ASA version 8.6(1)2

 

object-group network awesome

 network-object host x.x.x.x

 network-object host x.x.x.y

 

nat (inside,outside) source static nonat(172.16.248.0-24) nonat(172.16.248.0-24) destination static nonat(awesome) nonat(awesome)

 

Well, when I go to create the nonat object there's no option for object-group. 

 

Curious if there's a different way to do this, if this is even necessary, or if I'm pipe dreaming.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Vibhor Amrodia
Cisco Employee
Cisco Employee

‎06-19-2015 07:06 AM

Hi,

You can create a manual NAT and reference the Object Group in it:-

nat (inside,outside) source static obj-172.16.248.0-24 obj-172.16.248.0-24 destination static awesome awesome no-proxy-arp route-lookup

Refer:-

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/nat_objects.html

Thanks and Regards,

Vibhor Amrodia

View solution in original post

0 Helpful

Go to solution
Vibhor Amrodia
Cisco Employee
Cisco Employee
In response to richard.schultz1

‎06-23-2015 04:43 AM

Hi,

Converted statement for Pix 8.x would be:-

access-list nonat extended permit ip 172.16.248.0 255.255.255.0 object-group awesome

nat (inside) 0 access-list nonat

Thanks and Regards,

Vibhor Amrodia

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Vibhor Amrodia
Cisco Employee
Cisco Employee

‎06-19-2015 07:06 AM

Hi,

You can create a manual NAT and reference the Object Group in it:-

nat (inside,outside) source static obj-172.16.248.0-24 obj-172.16.248.0-24 destination static awesome awesome no-proxy-arp route-lookup

Refer:-

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/nat_objects.html

Thanks and Regards,

Vibhor Amrodia

0 Helpful

Go to solution
richard.schultz1
Level 1
Level 1
In response to Vibhor Amrodia

‎06-22-2015 06:54 AM

Excellent!

 

That being said, how would that look reflected on the distant end running PIX 8.0(4)?

 

access-list nonat extended permit ip object-group awesome 172.16.248.0 255.255.255.0 

 

If the object-group awesome is in reference to a particular interface, would that look like.

 

Sorry, I'm a bit noobish. (and by a bit I mean quite)

 

 

0 Helpful

Go to solution
Vibhor Amrodia
Cisco Employee
Cisco Employee
In response to richard.schultz1

‎06-23-2015 04:43 AM

Hi,

Converted statement for Pix 8.x would be:-

access-list nonat extended permit ip 172.16.248.0 255.255.255.0 object-group awesome

nat (inside) 0 access-list nonat

Thanks and Regards,

Vibhor Amrodia

0 Helpful

Go to solution
richard.schultz1
Level 1
Level 1
In response to Vibhor Amrodia

‎06-24-2015 05:40 AM

Very good! Thank you so much!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card