Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT on ASA ver 8.3

Hello:

I am replacing my PIX with a new ASA.  I decided to upgrade the IOS to the latest version 8.3.  NAT was one of the things which was completely redesigned.  On my old PIX I had the below command.  This allowed hosts on my private network to access my DMZ.  I have looked through a few NAT guides but have not found referances to this command.

static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.0.0 0 0

Does anyone know how to input this?

Harrison Midkiff

2 REPLIES
Hall of Fame Super Blue

Re: NAT on ASA ver 8.3


static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.0.0 0 0

Does anyone know how to input this?

Harrison Midkiff

Harrison

asa(config)# object network inside-subnet-identity

asa(config-network-object)# subnet 192.168.0.0 255.255.0.0

asa(config-network-object)# object network inside-subnet

asa(config-network-object)# subnet 192.168.0.0 255.255.0.0

asa(config-network-object)# nat (inside,dmz) static inside-subnet-identity

see the config guide for full details -

ASA NAT config guide

Jon

New Member

Re: NAT on ASA ver 8.3

Jon:

Thanks for replying to my post.

I am still digging through the guide.  For the subnet command I will have to added all my internal networks.  On my deployment I am trying to be ultra secure and only specify the networks which can go out.  There does not seem to be a way to tie the subnet command into an "access-list" or "object-group"?  Just curious if you know....

Harrison

544
Views
0
Helpful
2
Replies