Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Regular Dynamic PAT statements in ASA 8.3.

Hello,

Could you please verify this configuration:

I have 2 inside networks:

object network INSIDE_10.6

subnet 10.6.0.0 255.255.0.0

object network INSIDE_192.168

subnet 192.168.0.0 255.255.255.0

I grouped these 2 into 1 object-group:

object-group network INSIDE

network-object object INSIDE_10.6

network-object object INSIDE_192.168

Public IP address used for PAT:

object network PAT

host 152.x.x.x

I used the following statement to create Dynamic PAT to public IP address:

object network INSIDE_10.6

nat (any,any) dynamic PAT

object network INSIDE_192.168

nat (any,any) dynamic PAT   

Is that correct?

Also I'm using one public address to PAT both inside networks. Is there any advantage of using 2 different ones, so each inside network would be PAT to its own address?

Thanks,

forman 

1 REPLY
New Member

Regular Dynamic PAT statements in ASA 8.3.

object network INSIDE_10.6

nat (inside,outside) dynamic PAT

object network INSIDE_192.168

nat (inside,outside) dynamic PAT   

use the ingress and egress interface name instead of any any or atleast define the name of the ingress interface.

now if you only define the name of the ingress interface any traffic that is coming from the specified source will follow this nat rule for going out all the interface.

best way to do it is to specifiy the ingress and egress both the interfaces in the nat rule.

now to your second question you can use the same public IP object group (PAT) for both inside networks.

also configure the routes accordingly.

335
Views
0
Helpful
1
Replies
CreatePlease login to create content