cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2441
Views
20
Helpful
22
Replies

configuration NAT overload for ASA 5525

MohammadSalih
Level 1
Level 1

hi every one ,

i want to configure NAT over load

i have one public ip address 37.x.x.x

and pool of private ip addresses 70.70.x.x

when i configure natting by typing

nat (inside,outside) soure (static or dynamic) ,

there is no PAT configuration , because i want every private IPs share one public ip.

22 Replies 22

sorry I make double check your config you have two IN and one OUT, where is the config of other OUT interface??

hi

i have 2 IN and 2 OUT 

interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 37.X.X.194 255.255.255.248

interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 70.70.2.1 255.255.255.0

interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 70.70.3.1 255.255.255.0

object network public_LAN1
host 37.X.X.195
object network public_LAN2
host 37.X.X.196

object-group network private_LAN1
network-object 70.70.2.0 255.255.255.0
object-group network private_LAN2
network-object 70.70.3.0 255.255.255.0

(just missing the NAT/PAT command)

you meaning two public IP and one OUT interface ? am I right ?

yes

and each private goes to each public

70.70.2.0/24 (private) go to 37.X.X.195

70.70.3.0/24 (private) go to 37.X.X.196

 

Hello

clear configure object
clear configure object-group
nat (inside,outside) after-auto source dynamic any interface

route  outside 0 0 37.X.X.X


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

hi dear,

what do you mean by clear?

you mean remove configuration form the objects?

Hello
Did you try the configuration I previously posted (see below) ? 

Can you post the output from the following traces:
packet-tracer input inside tcp 70.70.2.x 12345 8.8.8.8 80
packet-tracer input inside tcp 70.70.3.x 12345 8.8.8.8 80

 

Lastly what you have explained from your OP the below should work

route outside 0 0 37.X.X.<-- default route and nexthop)

object network Inside_1
Subnet 70.70.2.0 255.255.255.0

object network outside1
host 37.X.X.195

object network Inside_2
subnet 70.70.3.0 255.255.255.0

object network outside2
host 37.X.X.196

nat (inside,outside)  1source dynamic Inside_1 outside1
nat (inside,outside)  2 source dynamic Inside_2 outside2
nat (inside,outside) after-auto source dynamic any interface


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Screenshot (167).png

this lab I run for you, check how I config the NAT overload using two public IP and one OUT interface.

Review Cisco Networking for a $25 gift card