Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA post ver8.2 Static NAT & Name Command

Hello, pre 8.3 I would use the Name Command and static map a public IP to a private IP as follows:

name 12.236.93.72 InsideHost

static (inside,outside) InsideHost 10.11.10.1 netmask 255.255.255.255

Post ver8.2 I realize that command has changed to the object network command but does not work with the name. I recieve the following error:

name 12.236.93.72 InsideHost

object network obj-10.11.10.1

   host 10.11.10.1

   nat (inside,outside) static InsideHost

           ERROR: InsideHost Dosn't Exist

I cannot find the Name Command in the newer post8.2 documentation.


1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

ASA post ver8.2 Static NAT & Name Command

Hi,

Its my understanding that the "name" configuration doesnt really play much of a role in the new ASA software levels and the "object" has atleast partially replaced that.

Do notice that you can create an "object" for the IP address 12.236.93.72

object network Insidehost

host 12.236.93.72

object network obj-10.11.10.1

host 10.11.10.1

nat (inside,outside) static Insidehost

But to be honest I have never liked the "name" configuration and have always disabled it on the ASAs I manage. When I am troubleshooting something or making new rules I want to do it based on the actual IP rather than a "name" but I guess its matter of taste/personal preference.

Also I dont use the above method either. I simply define the IP address in the section where you define the NAT IP address. This keeps the configuration clearer and less cluttered with "object" or "object-group"

Hope this helps

- Jouni

5 REPLIES
Super Bronze

ASA post ver8.2 Static NAT & Name Command

Hi,

Its my understanding that the "name" configuration doesnt really play much of a role in the new ASA software levels and the "object" has atleast partially replaced that.

Do notice that you can create an "object" for the IP address 12.236.93.72

object network Insidehost

host 12.236.93.72

object network obj-10.11.10.1

host 10.11.10.1

nat (inside,outside) static Insidehost

But to be honest I have never liked the "name" configuration and have always disabled it on the ASAs I manage. When I am troubleshooting something or making new rules I want to do it based on the actual IP rather than a "name" but I guess its matter of taste/personal preference.

Also I dont use the above method either. I simply define the IP address in the section where you define the NAT IP address. This keeps the configuration clearer and less cluttered with "object" or "object-group"

Hope this helps

- Jouni

Super Bronze

Re: ASA post ver8.2 Static NAT & Name Command

Hi,

This is from the Command Reference the thing I referenced above

This is the change introduced when the NAT configuration format changed at 8.3(1)

8.3(1) You can no longer use a named IP address in a nat command or an access-list

command; you must use object network names instead. Although

network-object commands in an object group accept object network

names, you can still also use a named IP address identified by the name

command.

- Jouni

Community Member

Re: ASA post ver8.2 Static NAT & Name Command

Thanks so much!!!

Super Bronze

ASA post ver8.2 Static NAT & Name Command

Hi,

Glad if it helped

Please do remember to mark a reply as the correct answer if it answered your question.

- Jouni

ASA post ver8.2 Static NAT & Name Command

Hi,

Post 8.2 (8.3 and above) 'name' command changed to 'object network'. So you need to create another object network similar to your private ip.

EX:

object network public-10.11.10.1

   host 12.236.93.72

object network obj-10.11.10.1

   host 10.11.10.1

   nat (inside,outside) static public-10.11.10.1

Check the below link (search for key word 'name')

http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html#wp106866

hth

MS

109
Views
0
Helpful
5
Replies
CreatePlease to create content