
NAT config for ASA 5520

Hi

 

I am looking to get a basic NAT config for an ASA running 8.2.1 software. I want to NAT all internal traffic to the IP address of the outside interface on the ASA and am looking for a working config for the NAT piece. My current config is below. Apologies if this is a simple config, but I am a Cisco voice engineer and do not have much experience with ASAs.

 

Cheers,
Derek

 

interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 10.10.254.250 255.255.255.0
!
interface GigabitEthernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 nameif outside
 security-level 0
 ip address 193.120.10.142 255.255.255.192

object-group network uclab_inside
 network-object 10.10.254.0 255.255.255.0
 network-object 192.168.238.0 255.255.255.0

object-group network Inside_Net
 network-object 10.10.0.0 255.255.0.0
 network-object 192.168.238.0 255.255.255.0

nat-control
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 access-list inside-nat
static (inside,outside) 192.168.238.0 193.120.10.142 netmask 255.255.255.255
access-group inside_access_in in interface inside

 

access-list inside-nat extended permit ip object-group uclab_inside any
access-list inside-acl extended permit object-group Inside-Services object-group uclab_inside any
access-list inside_nat0_outbound extended permit ip any 192.168.253.0 255.255.255.240
access-list inside_access_in extended permit ip 10.10.254.0 255.255.255.0 any
access-list inside_access_in extended permit ip object-group uclab_inside any
access-list inside_access_in extended permit ip object-group Inside_Net any

 

 

 

1 ACCEPTED SOLUTION

Hi derekmccor

Here is the config you need if you're running 8.2.1:

nat (inside) 1 10.10.254.0 255.255.255.0

global (outside) 1 interface 

This will perform a PAT on the ASA using the single IP of the outside interface for all the internal traffic.

 

FYI, in 8.3 or higher the NAT needs to be done in a different way, in case you are planning to upgrade.

Regards,
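
Added example, not part of the original reply and not Cisco code: a small Python check that the 8.2 `nat` and `global` lines above share a NAT ID (the `1` that links them), plus a translation of each matched pair into the 8.3+ object NAT form the reply alludes to. The object name `obj-<network>` is hypothetical, the sample config is constructed from the two lines in the reply, and only subnet-based `nat` and `global ... interface` lines are handled.

```python
import re

# Constructed sample: the two lines from the reply above (ASA 8.2 syntax).
SAMPLE_82 = """\
nat (inside) 1 10.10.254.0 255.255.255.0
global (outside) 1 interface
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
NAT_RE = re.compile(rf"^nat \((\S+)\) (\d+) {IP} {IP}$")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) interface$")


def parse_82(config):
    """Return (nat_rules, globals_by_id) for subnet nat and interface PAT lines."""
    nats, globals_ = [], {}
    for line in config.splitlines():
        line = line.strip()
        m = NAT_RE.match(line)
        if m and m.group(2) != "0":  # ID 0 is identity NAT and needs no global
            nats.append(m.groups())  # (real_if, nat_id, network, mask)
        m = GLOBAL_RE.match(line)
        if m:
            globals_.setdefault(m.group(2), []).append(m.group(1))
    return nats, globals_


def unpaired(config):
    """NAT IDs that have a nat statement but no global with the same ID."""
    nats, globals_ = parse_82(config)
    return sorted({nat_id for _, nat_id, _, _ in nats if nat_id not in globals_})


def to_object_nat(config):
    """Emit 8.3+ object NAT for every nat/global pair that shares an ID."""
    nats, globals_ = parse_82(config)
    out = []
    for real_if, nat_id, net, mask in nats:
        for mapped_if in globals_.get(nat_id, []):
            out += [f"object network obj-{net}",  # hypothetical object name
                    f" subnet {net} {mask}",
                    f" nat ({real_if},{mapped_if}) dynamic interface"]
    return "\n".join(out)


if __name__ == "__main__":
    print("unpaired NAT IDs:", unpaired(SAMPLE_82))
    print(to_object_nat(SAMPLE_82))
```

An empty list from `unpaired()` means every dynamic `nat` rule has a `global` with the same ID; with `nat-control` enabled, as in the posted config, inside traffic that matches no NAT rule is not passed to the outside.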
