Cisco Support Community

Multiple VLAN's Dynamic NAT ASA 5520 8.4(5)

I have created three VLANs on one of my physical interfaces:

interface GigabitEthernet0/3
 no nameif
 no security-level
 no ip address

interface GigabitEthernet0/3.1
 vlan 10
 nameif guestwireless
 security-level 1
 ip address 10.7.1.1 255.255.255.0

interface GigabitEthernet0/3.2
 vlan 20
 nameif aqawireless
 security-level 100
 ip address 10.8.1.1 255.255.255.0

interface GigabitEthernet0/3.3
 vlan 30
 nameif WLCManagement
 security-level 100
 ip address 10.13.1.1 255.255.255.0

I want to have them all use the outside interface. Would I need three statements? Here are my commands:

# object network guestwireless
# subnet 10.7.1.1 255.255.255.0
# nat (guestwireless,outside) interface dynamic

# object network aqawireless
# subnet 10.8.1.1 255.255.255.0
# nat (aqawireless,outside) interface dynamic

# object network WLCManagement
# subnet 10.13.1.1 255.255.255.0
# nat (WLCManagement,outside) interface dynamic

Thank you

Carlos

Accepted Solutions

Hi,

There are some minor errors in the format you used. Mainly in that you should use the network address in the "subnet" command and the parameters "dynamic" and "interface" are the wrong way around.

object network guestwireless
 subnet 10.7.1.0 255.255.255.0
 nat (guestwireless,outside) dynamic interface

object network aqawireless
 subnet 10.8.1.0 255.255.255.0
 nat (aqawireless,outside) dynamic interface

object network WLCManagement
 subnet 10.13.1.0 255.255.255.0
 nat (WLCManagement,outside) dynamic interface

You also have another option like this:

object-group network WIRELESS-PAT-SOURCE
 network-object 10.7.1.0 255.255.255.0
 network-object 10.8.1.0 255.255.255.0
 network-object 10.13.1.0 255.255.255.0

nat (any,outside) after-auto source dynamic WIRELESS-PAT-SOURCE interface

The "object-group" we created holds the source networks/addresses for which we want to do Dynamic PAT. We also define the source interface as "any" so the Dynamic PAT applies to all 3 of the mentioned interfaces.

Hope this helps

Please do remember to mark a reply as the correct answer if it answered your question.

Feel free to ask more if needed

- Jouni
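
The two mistakes pointed out in the answer above (a host address in the "subnet" command, and "interface dynamic" instead of "dynamic interface") can be checked before pasting a config into the firewall. The following Python checker is an added example, not part of the original posts and not a Cisco tool; the function name `lint_object_nat` and the sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: one object as typed in the question (with its "# "
# prompt prefix) and one object in the corrected form from the answer.
SAMPLE = """\
# object network guestwireless
# subnet 10.7.1.1 255.255.255.0
# nat (guestwireless,outside) interface dynamic
object network aqawireless
 subnet 10.8.1.0 255.255.255.0
 nat (aqawireless,outside) dynamic interface
"""

SUBNET_RE = re.compile(r"^subnet\s+(\S+)\s+(\S+)$")
NAT_RE = re.compile(r"^nat\s+\((\S+),(\S+)\)\s+(.*)$")


def lint_object_nat(config):
    """Return a list of (object_name, problem, suggested_line) tuples."""
    findings = []
    current = None
    for raw in config.splitlines():
        # Drop indentation and any leading "#" prompt characters.
        line = raw.strip().lstrip("#").strip()
        if line.startswith("object network "):
            current = line.split()[2]
            continue
        m = SUBNET_RE.match(line)
        if m:
            addr, mask = m.groups()
            try:
                iface = ipaddress.ip_interface(f"{addr}/{mask}")
            except ValueError:
                findings.append((current, "unparseable address or mask", None))
                continue
            net = iface.network
            if iface.ip != net.network_address:
                # Suggest the network address that matches the given mask.
                findings.append((current, "subnet has host bits set",
                                 f"subnet {net.network_address} {net.netmask}"))
            continue
        m = NAT_RE.match(line)
        if m and m.group(3).split()[:2] == ["interface", "dynamic"]:
            findings.append((current, "keywords reversed",
                             f"nat ({m.group(1)},{m.group(2)}) dynamic interface"))
    return findings
```

Calling `lint_object_nat(SAMPLE)` reports both problems for `guestwireless` and nothing for `aqawireless`.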


Jouni,

Appreciate the help and the lesson.

Thank you

Carlos

I marked the response as correct answer.
