NAT on ASA ver 8.3

Unanswered Question
Jun 15th, 2010

Hello:

I am replacing my PIX with a new ASA.  I decided to upgrade the IOS to the latest version 8.3.  NAT was one of the things which was completely redesigned.  On my old PIX I had the below command.  This allowed hosts on my private network to access my DMZ.  I have looked through a few NAT guides but have not found referances to this command.

static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.0.0 0 0

Does anyone know how to input this?

Harrison Midkiff

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Tue, 06/15/2010 - 12:50

static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.0.0 0 0

Does anyone know how to input this?

Harrison Midkiff

Harrison

asa(config)# object network inside-subnet-identity

asa(config-network-object)# subnet 192.168.0.0 255.255.0.0

asa(config-network-object)# object network inside-subnet

asa(config-network-object)# subnet 192.168.0.0 255.255.0.0

asa(config-network-object)# nat (inside,dmz) static inside-subnet-identity

see the config guide for full details -

ASA NAT config guide

Jon

HMidkiff Tue, 06/15/2010 - 12:58

Jon:

Thanks for replying to my post.

I am still digging through the guide.  For the subnet command I will have to added all my internal networks.  On my deployment I am trying to be ultra secure and only specify the networks which can go out.  There does not seem to be a way to tie the subnet command into an "access-list" or "object-group"?  Just curious if you know....

Harrison

Actions

This Discussion