Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA 8.4 NAT subnets?

Need to setup some static NATs for some networks and IP ranges. Rather than setting up 50+ individual NAT rules I'm thinking 8.3 or 8.4 supports snat for networks?

Example

73.11.200.88/29 and 192.168.0.64/29

so

73.11.200.88 would always be static NAT for 192.168.0.64

73.11.200.89 would always be static NAT for 192.168.0.65

73.11.200.90 would always be static NAT for 192.168.0.66

Am I correct that this can be done with 1 NAT rule instead of multiple?

Can it also be done with object groups? Assuming the number of objects in each group is the same.

Thanks for the time.

Everyone's tags (5)
4 REPLIES
Silver

ASA 8.4 NAT subnets?

I believe you can't achieve the below with one statement, you have to create an object group for each static NAT

73.11.200.88 would always be static NAT for 192.168.0.64

73.11.200.89 would always be static NAT for 192.168.0.65

73.11.200.90 would always be static NAT for 192.168.0.66

object network ip-1

host 192.168.0.64

nat (dmz,outside) static 73.11.200.88

object network ip-2

host 192.168.0.65

nat (dmz,outside) static 73.11.200.89

object network ip-3

host 192.168.0.66

nat (dmz,outside) static 73.11.200.90

Siddhartha

ASA 8.4 NAT subnets?

Hello,

As Sid says there is no way you can do a static nat like that, unless you do like ( subnet to subnet object)

192.168.1.1-73.11.200.1

192.168.1.2-73.11.200.2

192.168.1.3-73.11.200.3

but not the way you want it...

Regards,

Do rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

ASA 8.4 NAT subnets?

You mean if they were both identical like 73.11.200.88/29 and 192.168.0.88/29?

Then the ASA would automatically assign .88 to .88, and .89 to .89, etc?

Thanks

ASA 8.4 NAT subnets?

Hello,

Here is the example that will explain it to you.. This is on 8.2

static (inside,outside) 4.0.0.0 192.168.12..0 netmask 255.255.255.0

Like this the ASA will do a one to one mapping.

This is what you will need to do on 8.4 as well, how do you do it using the same  ( subnets)

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
1875
Views
0
Helpful
4
Replies
CreatePlease to create content