06-15-2010 10:46 AM - edited 03-11-2019 10:59 AM
Hello:
I am replacing my PIX with a new ASA. I decided to upgrade the IOS to the latest version 8.3. NAT was one of the things which was completely redesigned. On my old PIX I had the below command. This allowed hosts on my private network to access my DMZ. I have looked through a few NAT guides but have not found referances to this command.
static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.0.0 0 0
Does anyone know how to input this?
Harrison Midkiff
06-15-2010 12:50 PM
static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.0.0 0 0
Does anyone know how to input this?
Harrison Midkiff
Harrison
asa(config)# object network inside-subnet-identity
asa(config-network-object)# subnet 192.168.0.0 255.255.0.0
asa(config-network-object)# object network inside-subnet
asa(config-network-object)# subnet 192.168.0.0 255.255.0.0
asa(config-network-object)# nat (inside,dmz) static inside-subnet-identity
see the config guide for full details -
06-15-2010 12:58 PM
Jon:
Thanks for replying to my post.
I am still digging through the guide. For the subnet command I will have to added all my internal networks. On my deployment I am trying to be ultra secure and only specify the networks which can go out. There does not seem to be a way to tie the subnet command into an "access-list" or "object-group"? Just curious if you know....
Harrison
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: