NAT Question - ASA 55xx

jcartier · ‎10-04-2010

Hi All,

Just a quick question...

I have an ASA that is configured with the following...

Inside IP: 192.168.1.0/24

DMZ IP: 8.8.1.1/24

Outside IP: 209.202.9.0/30

*All IPs are fictious of course*

Currently my ASA is configured to NAT all inside IPs to the outside interface. My plan is to change the outside interface to a Private IP address, as I'm looking to put a router infront of it. Instead of NAT'ing to the outside interface, can I NAT to a free IP in my 8.8.1.0/24 block? If so, what would be the desired configuration?

global <?> 1 8.8.1.250.....?...not sure on the syntax. Looking for assistance on that as well

danrya · ‎10-04-2010

I'm guessing that your current config has:

global (outside) 1 interface

That tells it to use the interface IP address and NAT any thing that matches "nat (inside) 1". All you need to do is change the "global" command to the ip address(es) that you want it to NAT to.

global (outside) 1 8.8.1.250

or something like this (for a range):

global (outside) 1 8.8.1.250 - 8.8.1.255

The NAT guide is pretty decent at explaining it (but can be confusing at times), so let me know if you have more questions:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_dynamic.html#wp1078484

Dan