NAT on ASA ver 8.3

Unanswered Question
Jun 15th, 2010
User Badges:

Hello:


I am replacing my PIX with a new ASA.  I decided to upgrade the IOS to the latest version 8.3.  NAT was one of the things which was completely redesigned.  On my old PIX I had the below command.  This allowed hosts on my private network to access my DMZ.  I have looked through a few NAT guides but have not found referances to this command.


static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.0.0 0 0


Does anyone know how to input this?


Harrison Midkiff

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Tue, 06/15/2010 - 12:50
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN



static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.0.0 0 0


Does anyone know how to input this?


Harrison Midkiff



Harrison


asa(config)# object network inside-subnet-identity

asa(config-network-object)# subnet 192.168.0.0 255.255.0.0


asa(config-network-object)# object network inside-subnet

asa(config-network-object)# subnet 192.168.0.0 255.255.0.0

asa(config-network-object)# nat (inside,dmz) static inside-subnet-identity


see the config guide for full details -


ASA NAT config guide


Jon

HMidkiff Tue, 06/15/2010 - 12:58
User Badges:

Jon:


Thanks for replying to my post.


I am still digging through the guide.  For the subnet command I will have to added all my internal networks.  On my deployment I am trying to be ultra secure and only specify the networks which can go out.  There does not seem to be a way to tie the subnet command into an "access-list" or "object-group"?  Just curious if you know....


Harrison

Actions

This Discussion