The problem arises if I have more than 1 non contiguous network that I would like to flow through the same interfaces. The only way I can seem to find to allow more than one subnet to be specified for the command above is the "Range" command. My issue is my internal networks are not in a nice clean range.
Ideally I would like something like this with a single object that manages the NAT for all of my internal networks....
The solution in your case would be to use an "object-group network" to handle defining the source addresses/subnets for your Dynamic PAT configuration as (as you state) the "object network" can only contain a single host/subnet/range.
That being said, this would also mean that you would be using a different NAT configuration format. What I mean by this is that the above NAT configurations that you list are Auto NAT / Network Object NAT.
The other type of NAT in the new software is Manual NAT and this is what I would suggest to make your Dynamic PAT more compact.
So lets say you have 3 internal LAN subnets and want to do Dynamic PAT for them then you could use this configuration
Notice that in the above configuration the "nat" command IS NOT located under the "object-group". It simply uses the created "object-group" as its parameter. You wont be able to configure any "nat" commands under the "object-group".
Lets take another situation. Lets say in addition to the 3 LAN subnets behind "inside" interface you also have a couple of DMZ interfaces and perhaps some other server subnet all behind their own interface and you want to configure Dynamic PAT using the same public IP address for all of these without resorting to too much configurations. Then you could use this configuration
The above configuration itself is not much different from the first example but as you can see we have changed the source interface as "any". This means that the ASA will accept any source interface when matching against this Dynamic PAT configuration. The "object-group" we use in the configuration will define which source addresses are actually matched in this configuration.
So as you can see we can handle Dynamic PAT for all the internal subnets with a single "nat" command.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...