Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1187
Views
5
Helpful
5
Replies

Trying to us object-group and PAT

Go to solution
weichenb2
Level 1
Level 1

‎11-13-2012 10:52 AM - edited ‎03-11-2019 05:22 PM

I am trying to configure dynamic PAT on a Cisco ASA 5510 using an object-group and having difficulty.

How can I use an object-group, which includes five subnets, as a source for NATing to a dynamic PAT address?

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎11-13-2012 11:36 AM

Hello,

Okay so you already created the object-group ( Let's say it's called internal_subnets)

So nat should be :

nat (inside,outside) source dynamic internal_subnets interface

In the last example it will get patted to the outside interface, if you want to PAT it to a different IP than the outside interface just create a object network host and use it on the NAT instead of the interface keyword,

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to weichenb2

‎11-13-2012 11:47 AM

Hello,

No, that command is for twice NAT not auto-nat ( object_nat)

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to weichenb2

‎11-13-2012 02:01 PM

Hello,

That is just the name  ( and yes they used that name because of that) but it can also be used on a singular nat ( I mean no use of the destination keyword)

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎11-13-2012 11:36 AM

Hello,

Okay so you already created the object-group ( Let's say it's called internal_subnets)

So nat should be :

nat (inside,outside) source dynamic internal_subnets interface

In the last example it will get patted to the outside interface, if you want to PAT it to a different IP than the outside interface just create a object network host and use it on the NAT instead of the interface keyword,

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Go to solution
weichenb2
Level 1
Level 1
In response to Julio Carvajal

‎11-13-2012 11:45 AM

Should the "nat (inside,outside) source dynamic internal_subnets interface" command be under the object-group?

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to weichenb2

‎11-13-2012 11:47 AM

Hello,

No, that command is for twice NAT not auto-nat ( object_nat)

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
weichenb2
Level 1
Level 1
In response to Julio Carvajal

‎11-13-2012 01:49 PM

Does "twice NAT" mean two-way NAT?

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to weichenb2

‎11-13-2012 02:01 PM

Hello,

That is just the name  ( and yes they used that name because of that) but it can also be used on a singular nat ( I mean no use of the destination keyword)

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card