NAT on ASA ver 8.3

HMidkiff · ‎06-15-2010

Hello:

I am replacing my PIX with a new ASA. I decided to upgrade the IOS to the latest version 8.3. NAT was one of the things which was completely redesigned. On my old PIX I had the below command. This allowed hosts on my private network to access my DMZ. I have looked through a few NAT guides but have not found referances to this command.

static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.0.0 0 0

Does anyone know how to input this?

Harrison Midkiff

Jon Marshall · ‎06-15-2010


static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.0.0 0 0
Does anyone know how to input this?
Harrison Midkiff

Harrison

asa(config)# object network inside-subnet-identity

asa(config-network-object)# subnet 192.168.0.0 255.255.0.0

asa(config-network-object)# object network inside-subnet

asa(config-network-object)# subnet 192.168.0.0 255.255.0.0

asa(config-network-object)# nat (inside,dmz) static inside-subnet-identity

see the config guide for full details -

ASA NAT config guide

Jon

HMidkiff · ‎06-15-2010

Jon:

Thanks for replying to my post.

I am still digging through the guide. For the subnet command I will have to added all my internal networks. On my deployment I am trying to be ultra secure and only specify the networks which can go out. There does not seem to be a way to tie the subnet command into an "access-list" or "object-group"? Just curious if you know....

Harrison