Cisco Support Community

New Member

NAT Multiple Inside Subnets

Can anyone help me with the NAT command on 8.4? I am trying to PAT multiple Inside subnets to an IP address. With the example I found I can only PAT one subnet. If I do it the way I have below, it will end up with the last subnet (3.3.3.0) staying in the config. What is the best way of doing it? I have about 20 inside subnets I need to PAT.

object network obj-Inside-sub1
 subnet 1.1.1.0 255.255.255.0
 subnet 2.2.2.0 255.255.0.0
 subnet 3.3.3.0 255.255.0.0
 nat (inside,outside) dynamic 199.246.5.2

Thanks for the help

1 ACCEPTED SOLUTION

Red

The config would look something like this:

object-group network all_subnets
 network-object 1.1.1.0 255.255.255.0
 network-object 2.2.2.0 255.255.0.0
 network-object 3.3.3.0 255.255.0.0
object network patted_ip
 host 199.246.5.2
nat (inside,outside) source dynamic all_subnets patted_ip

And it should work for all the subnets.

Hope this helps you

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
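
An added example, not part of the original posts and not Cisco tooling: with about 20 inside subnets, a short Python script can generate the object-group and manual NAT lines from the accepted answer and flag address/mask pairs whose mask covers more than the written address suggests (the thread's sample 2.2.2.0 255.255.0.0 spans all of 2.2.0.0/16). The function names and the overlap check are assumptions of this example; the object names and addresses are the ones used in the thread.

```python
import ipaddress

# Subnets as posted in the thread; the PAT address is the thread's 199.246.5.2.
THREAD_SUBNETS = [
    ("1.1.1.0", "255.255.255.0"),
    ("2.2.2.0", "255.255.0.0"),
    ("3.3.3.0", "255.255.0.0"),
]


def check_pair(addr, mask):
    """Return (network, warning); warning is None when addr is the true network address."""
    net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
    if ipaddress.IPv4Address(addr) != net.network_address:
        return net, (f"{addr} {mask} has host bits set; the mask covers "
                     f"{net.network_address} {net.netmask} ({net.num_addresses} addresses)")
    return net, None


def build_pat_config(pairs, group="all_subnets", pat_obj="patted_ip", pat_ip="199.246.5.2"):
    """Build the object-group + manual NAT config; return (config_lines, warnings)."""
    ipaddress.IPv4Address(pat_ip)  # raises ValueError on a malformed PAT address
    lines, warnings, seen = [f"object-group network {group}"], [], []
    for addr, mask in pairs:
        net, warn = check_pair(addr, mask)
        if warn:
            warnings.append(warn)
        for other in seen:
            # Overlapping entries usually mean a typo or a source set wider than intended.
            if net.overlaps(other):
                warnings.append(f"{net} overlaps {other}")
        seen.append(net)
        # Emit the pair exactly as given so the operator resolves any warning by hand.
        lines.append(f" network-object {addr} {mask}")
    lines += [f"object network {pat_obj}", f" host {pat_ip}",
              f"nat (inside,outside) source dynamic {group} {pat_obj}"]
    return lines, warnings


if __name__ == "__main__":
    config, warnings = build_pat_config(THREAD_SUBNETS)
    print("\n".join(config))
    for w in warnings:
        print("! WARNING:", w)
```

Review every warning before pasting the output: a mask wider than intended silently widens the set of inside hosts that are translated to the PAT address.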
6 REPLIES
Red

Hey Joe,

What you see is the correct behavior, because for multiple subnets you need to use an object-group, which includes all three subnets.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
New Member

Thanks Varun, the command works. Now I am a bit confused with the command. Would you be able to point out why we do it this way?

When I put in the NAT any command like this:

object network obj_any
 subnet 0.0.0.0 0.0.0.0
 nat (inside,outside) dynamic 199.246.5.1

It will give me something like this in show run.

object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network obj_any
 nat (inside,outside) dynamic 199.246.5.1

When I put in the command you provided for NATing the specific inside subnet it doesn't turn out the same way as above. Show run only shows me this line by itself.

nat (inside,outside) source dynamic all_subnets patted_ip

Looks like the source keyword made a difference. I did see some examples use the source keyword to NAT everything to outside. Which is a cleaner way of doing things?

Red

Hi Joe.

There are two different types of NAT in 8.4, Manual NAT (Twice NAT) and Auto NAT (Object NAT). The one that you were doing earlier was Auto NAT (Object NAT) and the configuration that I gave you was for Manual NAT. There is no such difference, just what you are comfortable with. Manual NAT always takes precedence over Auto NAT. Here is a doc, kindly go through it:

http://www.cisco.com/en/US/customer/docs/security/asa/asa84/configuration/guide/nat_objects.html

Hope this helps you.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
New Member

Thanks for clarifying.

New Member

It worked for me as well.

Thanks
