Solved: [Question] Dynamic NAT on 2 different networks

bhalbautista · ‎02-25-2013

Hi,

I just want to ask if its possible to have same dynamic translation within 2 different networks like:

interface gig 0/1

1.1.1.1 255.255.255.0 (LAN Connection w/ DHCP enabled)

inteface gig 0/2

2.2.2.1 255.255.255.0 (Wireless Connection w/ DHCP enabled)

Actually, the scenario was 1.1.1.1 is my LAN connection and 2.2.2.1 are my Wireless connection.

Hope this merits their favorable response. Thanks.

Jouni Forss · ‎02-25-2013

Hi,

Do you mean that you want both of the said LAN networks to use Dynamic NAT/PAT towards a third interface on the ASA?

If you simply want to use the same NAT/PAT address for 2 different networks on the ASA then you can use the following configurations as example

These are PAT translations to a single IP address. Using a NAT Pool would change the configurations slightly.

For ASA software 8.2 and below

global (outside) 100 3.3.3.1

nat (inside) 100 1.1.1.0 255.255.255.0

nat (wireless) 100 2.2.2.0 255.255.255.0

Where

outside,inside and wireless = Interface "nameif" on the ASA firewall
100 = Is just an ID number for the NAT configuration. You can use other one also

For ASA software 8.3 and after

object-group network PAT-SOURCE-NETWORKS

network-object 1.1.1.0 255.255.255.0

network-object 2.2.2.0 255.255.255.0

nat (inside,outside) after-auto source dynamic PAT-SOURCE NETWORKS interface

nat (wireless,outside) after-auto source dynamic PAT-SOURCE NETWORKS interface

Where

PAT-SOURCE-NETWORKS = Is an "object-group" where you can define the source networks for the NAT/PAT rule

Hope this helps Please if you found the information helpfull

Feel free to ask more if this didnt answer your question.

- Jouni

View solution in original post

bhalbautista · ‎02-25-2013

I forgot to include, the 2 different network mentioned above will be translated into 3.3.3.1 Thanks!

Jouni Forss · ‎02-25-2013

Hi,

Do you mean that you want both of the said LAN networks to use Dynamic NAT/PAT towards a third interface on the ASA?

If you simply want to use the same NAT/PAT address for 2 different networks on the ASA then you can use the following configurations as example

These are PAT translations to a single IP address. Using a NAT Pool would change the configurations slightly.

For ASA software 8.2 and below

global (outside) 100 3.3.3.1

nat (inside) 100 1.1.1.0 255.255.255.0

nat (wireless) 100 2.2.2.0 255.255.255.0

Where

outside,inside and wireless = Interface "nameif" on the ASA firewall
100 = Is just an ID number for the NAT configuration. You can use other one also

For ASA software 8.3 and after

object-group network PAT-SOURCE-NETWORKS

network-object 1.1.1.0 255.255.255.0

network-object 2.2.2.0 255.255.255.0

nat (inside,outside) after-auto source dynamic PAT-SOURCE NETWORKS interface

nat (wireless,outside) after-auto source dynamic PAT-SOURCE NETWORKS interface

Where

PAT-SOURCE-NETWORKS = Is an "object-group" where you can define the source networks for the NAT/PAT rule

Hope this helps Please if you found the information helpfull

Feel free to ask more if this didnt answer your question.

- Jouni

bhalbautista · ‎02-28-2013

Hi,

Thanks for your help. I was able to configure 2 diff networks on a single translation. Thank you so much.