06-11-2012 02:35 PM
Hi,
I am trying to create an IPsec remote access VPN and am working for the first time with Network Object NAT on a 5512-X architecture with 8.6 OS. I would like to know how to create a NONAT scenario with users on the other side using a NAT 0 nat entry so that traffic going to subnets on the other end of the VPN does not get NATted?
Thanks,
Vick.
06-11-2012 07:17 PM
Here you go:
For example:
local LAN: 192.168.5.0/24
remote LAN: 192.168.88.0/24
object network local-LAN
 subnet 192.168.5.0 255.255.255.0
object network remote-LAN
 subnet 192.168.88.0 255.255.255.0
! Identity twice NAT: local-LAN to remote-LAN traffic keeps its original addresses
nat (inside,outside) source static local-LAN local-LAN destination static remote-LAN remote-LAN
Hope that helps.
06-14-2013 01:10 PM
How do you do this with multiple internal networks with the NAT pool in the middle of the inside subnets?
06-14-2013 01:14 PM
Hi,
I am not sure what you mean with the "NAT Pool in the middle of the inside subnets".
But if you just want to configure multiple source networks for the NAT0 type configuration in the new software then you can use the following:
object-group network LAN-NETWORKS
 network-object 10.10.10.0 255.255.255.0
 network-object 10.10.20.0 255.255.255.0
 network-object 10.10.30.0 255.255.255.0
object-group network REMOTE-NETWORKS
 network-object 10.10.100.0 255.255.255.0
 network-object 10.10.200.0 255.255.255.0
nat (inside,outside) source static LAN-NETWORKS LAN-NETWORKS destination static REMOTE-NETWORKS REMOTE-NETWORKS
This should about do it.
Hope this helps
Please remember to rate the reply if you found it helpful.
Ask more if needed
- Jouni
06-14-2013 01:15 PM
The inside networks are:
192.168.1.0 255.255.255.0
192.168.2.0 255.255.255.0
192.168.4.0 255.255.255.0
192.168.5.0 255.255.255.0
192.168.7.0 255.255.255.0
192.168.8.0 255.255.255.0
192.168.11.0 255.255.255.0
192.168.12.0 255.255.255.0
192.168.14.0 255.255.255.0
192.168.16.0 255.255.255.0
192.168.21.0 255.255.255.0
192.168.31.0 255.255.255.0
192.168.33.0 255.255.255.0
The VPN pool is 192.168.10.0/24.
06-14-2013 01:18 PM
Hi,
It would be the following then:
object-group network LAN-NETWORKS
 network-object 192.168.1.0 255.255.255.0
 network-object 192.168.2.0 255.255.255.0
 network-object 192.168.4.0 255.255.255.0
 network-object 192.168.5.0 255.255.255.0
 network-object 192.168.7.0 255.255.255.0
 network-object 192.168.8.0 255.255.255.0
 network-object 192.168.11.0 255.255.255.0
 network-object 192.168.12.0 255.255.255.0
 network-object 192.168.14.0 255.255.255.0
 network-object 192.168.16.0 255.255.255.0
 network-object 192.168.21.0 255.255.255.0
 network-object 192.168.31.0 255.255.255.0
 network-object 192.168.33.0 255.255.255.0
object-group network REMOTE-NETWORKS
 network-object 192.168.10.0 255.255.255.0
nat (inside,outside) source static LAN-NETWORKS LAN-NETWORKS destination static REMOTE-NETWORKS REMOTE-NETWORKS
- Jouni
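
Added example, not part of the thread or any poster's code: a Python sketch that renders the object-group and twice-NAT lines shown in the reply above and refuses inputs where a local network overlaps the VPN pool, which is the thing to rule out when the pool sits among the inside subnets. The function name `build_nat_exempt` and its parameters are hypothetical; the networks are the ones listed in the thread.

```python
import ipaddress

# Networks as listed in the thread (inside /24s and the VPN pool).
INSIDE = ["192.168.%d.0/24" % n for n in (1, 2, 4, 5, 7, 8, 11, 12, 14, 16, 21, 31, 33)]
POOL = ["192.168.10.0/24"]


def build_nat_exempt(inside, remote, src_if="inside", dst_if="outside",
                     local_group="LAN-NETWORKS", remote_group="REMOTE-NETWORKS"):
    """Hypothetical helper: return ASA config lines for an identity twice-NAT rule.

    ip_network() is strict, so an entry with host bits set (a typo such as
    192.168.1.1/24) raises ValueError instead of being silently accepted.
    """
    local_nets = [ipaddress.ip_network(n) for n in inside]
    remote_nets = [ipaddress.ip_network(n) for n in remote]

    # The pool may sit numerically between inside subnets, but it must not
    # overlap any of them: an over-broad entry (for example a /16 summary)
    # would make the exemption match traffic between local hosts as well.
    clashes = [(str(l), str(r)) for l in local_nets for r in remote_nets
               if l.overlaps(r)]
    if clashes:
        raise ValueError("local/remote networks overlap: %s" % clashes)

    lines = ["object-group network %s" % local_group]
    lines += [" network-object %s %s" % (n.network_address, n.netmask)
              for n in local_nets]
    lines.append("object-group network %s" % remote_group)
    lines += [" network-object %s %s" % (n.network_address, n.netmask)
              for n in remote_nets]
    # Same object as real and mapped address on both sides: no translation.
    lines.append("nat (%s,%s) source static %s %s destination static %s %s"
                 % (src_if, dst_if, local_group, local_group,
                    remote_group, remote_group))
    return lines


if __name__ == "__main__":
    print("\n".join(build_nat_exempt(INSIDE, POOL)))
```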
06-14-2013 01:36 PM
That did the trick.
Thank you very much.
Patrick.
06-14-2013 01:42 PM
Hi,
Glad it helped.
Please do remember to rate the reply if you found it helpful.
- Jouni