Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1374
Views
10
Helpful
2
Replies

PAT using a Different IP from ASA "Outside" Interface

johnlloyd_13
Level 9
Level 9

‎09-09-2020 07:50 PM

hi,

quick question, does the IP address for doing dynamic PAT has to be in the same subnet as the ASA "outside" interface?

see sample below. we control the routing for the "outside" network which integrates with a partner network.

 

interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 100.1.1.1 255.255.255.0

 

object network OBJ-192.168.1.0-24
nat (inside,outside) dynamic 200.1.1.10

 

0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎09-09-2020 11:38 PM

Hi,

Yes that will work. You just need to ensure the upstream router has a route to that IP address/network via the ASA.

HTH

Ruben Cocheno
Spotlight
Spotlight

‎09-10-2020 07:33 AM - edited ‎09-10-2020 07:34 AM

@johnlloyd_13 

 

you control the egress, so you can set what IP is going to appear on the outside network, using dynamic PAT for different ranges. In fact thata is a very good strategy. I will assume that you have a default route through that interface. 

 

Youd config looks right.

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card