Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
366
Views
0
Helpful
2
Replies

ASA 5505 8.3+ NAT question

Go to solution
ChuckHaynes
Level 3
Level 3

‎03-05-2015 04:38 PM - edited ‎03-05-2019 12:57 AM

Current config: Port 0 is outside (VLAN 2 - going to ISP) and Ports 1-7 are inside (VLAN 1 - going to internal LAN devices). The ASA version was upgraded to 8.3.1 a few months back and everything is working properly. However, we are now wanting to add a WAP to Port 7 (which is currently not being used). We want the WAP traffic to only be able to access the Internet and nothing on the LAN or WAN. I have created another VLAN (3) and assigned it to Port 7. I've blocked traffic from it to VLAN1. I've also configured DHCP and DNS - but I'm having a problem with NAT. I know NAT was changed in ASA 8.3, and that's what's giving me problems. I am trying to add this line: nat (dmz-wireless) 1 192.168.69.0 255.255.240.0 - but it tells me the command has been depreciated. I have done a "help nat" and read several web documents, but I'm still not fully understanding it. I am basically looking for the 8.3+ equivalent of that command. We do have an existing NAT line for our inside traffic, however, I don't think the addition of this WAP will affect that. Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎03-05-2015 06:55 PM

NAT on 8.3 onwards is very different and there are basically 3 separate sections where you can place your dynamic PAT statement.

People usually do it in either section 2 or section 3. You need to be careful because the section you place it in can affect other things,.

So I'll link to a document by Jouni Forss which is a post 8.3 NAT guide which is, in my opinion,  one of the best documents on this site to be honest. He recommends doing dynamic PAT in section 3.

It's a relatively quick read but if you are in a hurry there are examples for both dynamic PAT in section 2 and section 3.

I would recommend giving the whole thing a read and you may be able then to relate it to what you already have on your ASA -

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

if your still having problems after this then please post back.

If no one else has helped out I will check this thread out in the morning.

Jon

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎03-05-2015 06:55 PM

NAT on 8.3 onwards is very different and there are basically 3 separate sections where you can place your dynamic PAT statement.

People usually do it in either section 2 or section 3. You need to be careful because the section you place it in can affect other things,.

So I'll link to a document by Jouni Forss which is a post 8.3 NAT guide which is, in my opinion,  one of the best documents on this site to be honest. He recommends doing dynamic PAT in section 3.

It's a relatively quick read but if you are in a hurry there are examples for both dynamic PAT in section 2 and section 3.

I would recommend giving the whole thing a read and you may be able then to relate it to what you already have on your ASA -

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

if your still having problems after this then please post back.

If no one else has helped out I will check this thread out in the morning.

Jon

0 Helpful

Go to solution
ChuckHaynes
Level 3
Level 3
In response to Jon Marshall

‎03-07-2015 04:12 PM

Thanks, that pointed me in the right direction. I also found this link at the bottom of the page you linked to (in the comments).

https://supportforums.cisco.com/document/33921/asa-pre-83-83-nat-configuration-examples

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card