06-15-2010 10:46 AM - edited 03-11-2019 10:59 AM
Hello:
I am replacing my PIX with a new ASA. I decided to upgrade the IOS to the latest version 8.3. NAT was one of the things which was completely redesigned. On my old PIX I had the below command. This allowed hosts on my private network to access my DMZ. I have looked through a few NAT guides but have not found referances to this command.
static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.0.0 0 0
Does anyone know how to input this?
Harrison Midkiff
06-15-2010 12:50 PM
static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.0.0 0 0
Does anyone know how to input this?
Harrison Midkiff
Harrison
asa(config)# object network inside-subnet-identity
asa(config-network-object)# subnet 192.168.0.0 255.255.0.0
asa(config-network-object)# object network inside-subnet
asa(config-network-object)# subnet 192.168.0.0 255.255.0.0
asa(config-network-object)# nat (inside,dmz) static inside-subnet-identity
see the config guide for full details -
06-15-2010 12:58 PM
Jon:
Thanks for replying to my post.
I am still digging through the guide. For the subnet command I will have to added all my internal networks. On my deployment I am trying to be ultra secure and only specify the networks which can go out. There does not seem to be a way to tie the subnet command into an "access-list" or "object-group"? Just curious if you know....
Harrison
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide