Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
748
Views
4
Helpful
8
Replies

Simple ASA NAT question...

Go to solution
jmaxwellUSAF
VIP
VIP

‎12-19-2023 06:26 AM

Hello.

May you please explain to me which ip-addresses the below ASA5525 NAT command translate to which IP-addresses?

"nat (inside,outside) source dynamic OBJECT_1"

Thank you.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎12-19-2023 06:36 AM - edited ‎12-19-2023 06:37 AM

@jmaxwellUSAF traffic on the inside interface will be translated on the outside interface to the IP address defined in the object called "OBJECT_1".

You can use show run object from the CLI to determine the object configuration,

View solution in original post

8 Replies 8

Go to solution
Rob Ingram
VIP
VIP

‎12-19-2023 06:36 AM - edited ‎12-19-2023 06:37 AM

@jmaxwellUSAF traffic on the inside interface will be translated on the outside interface to the IP address defined in the object called "OBJECT_1".

You can use show run object from the CLI to determine the object configuration,

Go to solution
jmaxwellUSAF
VIP
VIP
In response to Rob Ingram

‎12-19-2023 06:45 AM

may you please explain the same for below?

"nat (inside,outside) source dynamic OBJECT_1 interface"

Thank you!

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to jmaxwellUSAF

‎12-19-2023 06:47 AM

@jmaxwellUSAF if the object "OBJECT_1" is exhausted, then translated behind the outside interface.

Go to solution
MHM Cisco World
VIP
VIP
In response to jmaxwellUSAF

‎12-19-2023 06:50 AM

Each interface can PAT to around 65000 after that the PAT not work' so we add more than IP (must reachable via OUTside) to make PAT NATing 65000XIP we add

MHM

Go to solution
jmaxwellUSAF
VIP
VIP
In response to Rob Ingram

‎12-19-2023 08:13 AM

"nat (inside,outside) source dynamic OBJECT_1"

---

You say... "traffic on the inside interface will be translated on the outside interface to the IP address defined in the object called "OBJECT_1".

It seems the ASA contradicts your statement...

ASA5525# nat (inside,ouside) source dynamic ?

configure mode commands/options:
WORD Specify object or object-group name for real source.

What are your thoughts?

---

 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to jmaxwellUSAF

‎12-19-2023 08:48 AM

@jmaxwellUSAF in your first post you provided the following configuration "nat (inside,outside) source dynamic OBJECT_1", this is incorrect if applied globally, it can only be configured under an object - which was my assumption that you were referring to in my responses. What are you actually trying to achieve?

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to jmaxwellUSAF

‎12-19-2023 09:17 AM

As @Rob Ingram mentioned

There are two dynamic one manual and  other is auto. 

What you use is auto which is use objects,

Here you must config object specify one IP or more. 

Both are same except the order the asa check. 

The asa check manual NAT then auto NAT

MHM

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎12-19-2023 06:37 AM

We use this to translate INside Subnet to one or more Public IP that is reachable via Outside interface.

MHM

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card