tdotvix1982
Beginner

NAT 0 using Network Object NAT in OS 8.6

Hi,

I am trying to create an IPsec remote access VPN and am working for the first time with Network Object NAT on a 5512 X architecture with 8.6 OS. I would like to know how to create a NONAT scenario with users on the other side using a NAT 0 nat entry so that traffic going to subnets on the other end of the VPN does not get NATed?

Thanks,

Vick.

Accepted Solutions
Jennifer Halim
Cisco Employee

Here you go:

For example:

local LAN: 192.168.5.0/24

remote LAN: 192.168.88.0/24

object network local-LAN

   subnet 192.168.5.0 255.255.255.0

object network remote-LAN

   subnet 192.168.88.0 255.255.255.0

nat (inside,outside) source static local-LAN local-LAN destination static remote-LAN remote-LAN

Hope that helps.


How do you do this with multiple internal networks with the NAT pool in the middle of the inside subnets?

Hi,

I am not sure what you mean with the "NAT Pool in the middle of the inside subnets"

But if you just want to configure multiple source networks for the NAT0 type configuration in the new software then you can use the following:

object-group network LAN-NETWORKS

network-object 10.10.10.0 255.255.255.0

network-object 10.10.20.0 255.255.255.0

network-object 10.10.30.0 255.255.255.0

object-group network REMOTE-NETWORKS

network-object 10.10.100.0 255.255.255.0

network-object 10.10.200.0 255.255.255.0

nat (inside,outside) source static LAN-NETWORKS LAN-NETWORKS destination static REMOTE-NETWORKS REMOTE-NETWORKS

This should about do it.

Hope this helps

Please remember to rate the reply if you found it helpful.

Ask more if needed

- Jouni

The inside networks are:

192.168.1.0 255.255.255.0

192.168.2.0 255.255.255.0

192.168.4.0 255.255.255.0

192.168.5.0 255.255.255.0

192.168.7.0 255.255.255.0

192.168.8.0 255.255.255.0

192.168.11.0 255.255.255.0

192.168.12.0 255.255.255.0

192.168.14.0 255.255.255.0

192.168.16.0 255.255.255.0

192.168.21.0 255.255.255.0

192.168.31.0 255.255.255.0

192.168.33.0 255.255.255.0

The VPN pool is 192.168.10.0/24.

Hi,

It would be the following then:

object-group network LAN-NETWORKS

network-object 192.168.1.0 255.255.255.0

network-object 192.168.2.0 255.255.255.0

network-object 192.168.4.0 255.255.255.0

network-object 192.168.5.0 255.255.255.0

network-object 192.168.7.0 255.255.255.0

network-object 192.168.8.0 255.255.255.0

network-object 192.168.11.0 255.255.255.0

network-object 192.168.12.0 255.255.255.0

network-object 192.168.14.0 255.255.255.0

network-object 192.168.16.0 255.255.255.0

network-object 192.168.21.0 255.255.255.0

network-object 192.168.31.0 255.255.255.0

network-object 192.168.33.0 255.255.255.0

object-group network REMOTE-NETWORKS

network-object 192.168.10.0 255.255.255.0

nat (inside,outside) source static LAN-NETWORKS LAN-NETWORKS destination static REMOTE-NETWORKS REMOTE-NETWORKS

- Jouni
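
An added example, not part of the original posts: a Python helper that builds the object-groups and the identity NAT rule shown above from a list of inside networks and a VPN pool. The overlap check and the function names are this example's own additions; the interface names and group names are the ones used in the thread.

```python
import ipaddress

# Inside networks and VPN pool as posted in the thread ("address mask" form).
INSIDE = [f"192.168.{n}.0 255.255.255.0"
          for n in (1, 2, 4, 5, 7, 8, 11, 12, 14, 16, 21, 31, 33)]
VPN_POOL = "192.168.10.0 255.255.255.0"


def parse(net):
    """Parse 'address mask' or CIDR; host bits set (a typo) raise ValueError."""
    return ipaddress.ip_network("/".join(net.split()))


def nat_exempt_config(inside, vpn_pool, local_group="LAN-NETWORKS",
                      remote_group="REMOTE-NETWORKS"):
    """Return the object-groups and identity NAT rule as ASA config text."""
    nets = sorted(set(parse(n) for n in inside))
    pool = parse(vpn_pool)
    # Added sanity check: a summary such as 192.168.0.0/16 would swallow the
    # pool, so each inside network is listed separately and must not overlap.
    clashes = [str(n) for n in nets if n.overlaps(pool)]
    if clashes:
        raise ValueError(f"VPN pool {pool} overlaps: {', '.join(clashes)}")
    lines = [f"object-group network {local_group}"]
    lines += [f" network-object {n.network_address} {n.netmask}" for n in nets]
    lines += [
        f"object-group network {remote_group}",
        f" network-object {pool.network_address} {pool.netmask}",
        # Source and destination each map to themselves, so nothing is
        # translated for traffic between the two groups.
        f"nat (inside,outside) source static {local_group} {local_group} "
        f"destination static {remote_group} {remote_group}",
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    print(nat_exempt_config(INSIDE, VPN_POOL))
```
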

That did the trick.

Thank You very much.

Patrick.

Hi,

Glad it helped.

Please do remember to rate the reply if you found it helpful.

- Jouni