Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
464
Views
0
Helpful
3
Replies

[Question] Dynamic NAT on 2 different networks

Go to solution
bhalbautista
Level 1
Level 1

‎02-25-2013 08:28 AM - edited ‎03-11-2019 06:05 PM

Hi,

I just want to ask if its possible to have same dynamic translation within 2 different networks like:

interface gig 0/1

1.1.1.1 255.255.255.0 (LAN Connection w/ DHCP enabled)

inteface gig 0/2

2.2.2.1 255.255.255.0 (Wireless Connection w/ DHCP enabled)

Actually, the scenario was 1.1.1.1 is my LAN connection and 2.2.2.1 are my Wireless connection.

Hope this merits their favorable response. Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to bhalbautista

‎02-25-2013 11:00 AM

Hi,

Do you mean that you want both of the said LAN networks to use Dynamic NAT/PAT towards a third interface on the ASA?

If you simply want to use the same NAT/PAT address for 2 different networks on the ASA then you can use the following configurations as example

These are PAT translations to a single IP address. Using a NAT Pool would change the configurations slightly.

For ASA software 8.2 and below

global (outside) 100 3.3.3.1

nat (inside) 100 1.1.1.0 255.255.255.0

nat (wireless) 100 2.2.2.0 255.255.255.0

Where

  • outside,inside and wireless = Interface "nameif" on the ASA firewall
  • 100 = Is just an ID number for the NAT configuration. You can use other one also

For ASA software 8.3 and after

object-group network PAT-SOURCE-NETWORKS

network-object 1.1.1.0 255.255.255.0

network-object 2.2.2.0 255.255.255.0

nat (inside,outside) after-auto source dynamic PAT-SOURCE NETWORKS interface

nat (wireless,outside) after-auto source dynamic PAT-SOURCE NETWORKS interface

Where

  • PAT-SOURCE-NETWORKS = Is an "object-group" where you can define the source networks for the NAT/PAT rule

Hope this helps Please if you found the information helpfull

Feel free to ask more if this didnt answer your question.

- Jouni

View solution in original post

0 Helpful
3 Replies 3

Go to solution
bhalbautista
Level 1
Level 1

‎02-25-2013 08:30 AM

I forgot to include, the 2 different network mentioned above will be translated into 3.3.3.1 Thanks!

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to bhalbautista

‎02-25-2013 11:00 AM

Hi,

Do you mean that you want both of the said LAN networks to use Dynamic NAT/PAT towards a third interface on the ASA?

If you simply want to use the same NAT/PAT address for 2 different networks on the ASA then you can use the following configurations as example

These are PAT translations to a single IP address. Using a NAT Pool would change the configurations slightly.

For ASA software 8.2 and below

global (outside) 100 3.3.3.1

nat (inside) 100 1.1.1.0 255.255.255.0

nat (wireless) 100 2.2.2.0 255.255.255.0

Where

  • outside,inside and wireless = Interface "nameif" on the ASA firewall
  • 100 = Is just an ID number for the NAT configuration. You can use other one also

For ASA software 8.3 and after

object-group network PAT-SOURCE-NETWORKS

network-object 1.1.1.0 255.255.255.0

network-object 2.2.2.0 255.255.255.0

nat (inside,outside) after-auto source dynamic PAT-SOURCE NETWORKS interface

nat (wireless,outside) after-auto source dynamic PAT-SOURCE NETWORKS interface

Where

  • PAT-SOURCE-NETWORKS = Is an "object-group" where you can define the source networks for the NAT/PAT rule

Hope this helps Please if you found the information helpfull

Feel free to ask more if this didnt answer your question.

- Jouni

0 Helpful

Go to solution
bhalbautista
Level 1
Level 1
In response to Jouni Forss

‎02-28-2013 12:55 PM

Hi,

Thanks for your help. I was able to configure 2 diff networks on a single translation. Thank you so much.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card