cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
708
Views
0
Helpful
2
Replies

NAT on ASA ver 8.3

HMidkiff
Level 1
Level 1

Hello:

I am replacing my PIX with a new ASA.  I decided to upgrade the IOS to the latest version 8.3.  NAT was one of the things which was completely redesigned.  On my old PIX I had the below command.  This allowed hosts on my private network to access my DMZ.  I have looked through a few NAT guides but have not found referances to this command.

static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.0.0 0 0

Does anyone know how to input this?

Harrison Midkiff

2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.0.0 0 0

Does anyone know how to input this?

Harrison Midkiff

Harrison

asa(config)# object network inside-subnet-identity

asa(config-network-object)# subnet 192.168.0.0 255.255.0.0

asa(config-network-object)# object network inside-subnet

asa(config-network-object)# subnet 192.168.0.0 255.255.0.0

asa(config-network-object)# nat (inside,dmz) static inside-subnet-identity

see the config guide for full details -

ASA NAT config guide

Jon

Jon:

Thanks for replying to my post.

I am still digging through the guide.  For the subnet command I will have to added all my internal networks.  On my deployment I am trying to be ultra secure and only specify the networks which can go out.  There does not seem to be a way to tie the subnet command into an "access-list" or "object-group"?  Just curious if you know....

Harrison

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: