
Strange Config NATing to the same address range

darrenriley5
Level 1

Hi,

For some reason which no one seems to know, we have Static Network NAT statements on our ASA which NAT a network to the same network. Anyone know any reason why this might be in place, as I can't understand what it achieves?

static (G5_BTM_AA,LBS_Inside) 10.224.192.0 10.224.192.0 netmask 255.255.240.0

I need to add more specific static NAT statements for individual hosts which are members of the network NAT.

Would I place these above the network NAT statement as below?

static (G5_BTM_AA,LBS_Inside) 10.224.192.1 10.224.200.1 netmask 255.255.255.255

static (G5_BTM_AA,LBS_Inside) 10.224.192.0 10.224.192.0 netmask 255.255.240.0 

Many Thanks

Darren

1 Reply

Darren,

Use a static NAT rule to translate one network to itself; it's very useful in scenarios where you don't really need NAT but you need to allow communication to a higher security interface.

The ASA used to not allow traffic to a higher sec. interface without a static NAT rule... and if communication between both interfaces stays local... there's no need to NAT, so a good option is an identity static NAT (which translates the network or host to itself).

If you do require NAT, check if you can add those rules (or even remove the identity NAT if not needed).

Federico.
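
An added example, not part of the thread and not Cisco code: a small Python audit that parses pre-8.3 `static` statements, marks identity translations like the one discussed above, and reports statements on the same interface pair whose real or mapped ranges overlap. It assumes the field order `static (real_if,mapped_if) mapped_ip real_ip netmask mask`; the function names are hypothetical and the sample input is the two statements from the question.

```python
import ipaddress
import re

# Assumed pre-8.3 field order: static (real_if,mapped_if) mapped real netmask mask
STATIC_RE = re.compile(
    r"^static\s+\((\S+?),(\S+?)\)\s+(\S+)\s+(\S+)\s+netmask\s+(\S+)\s*$"
)

# Constructed sample: the two statements quoted in the question above.
SAMPLE_CONFIG = """\
static (G5_BTM_AA,LBS_Inside) 10.224.192.1 10.224.200.1 netmask 255.255.255.255
static (G5_BTM_AA,LBS_Inside) 10.224.192.0 10.224.192.0 netmask 255.255.240.0
"""

def parse_statics(config):
    """Return one dict per plain `static` NAT line; other lines are skipped."""
    rules = []
    for lineno, line in enumerate(config.splitlines(), 1):
        m = STATIC_RE.match(line.strip())
        if not m:
            continue
        real_if, mapped_if, mapped, real, mask = m.groups()
        try:
            mapped_net = ipaddress.ip_network(f"{mapped}/{mask}", strict=False)
            real_net = ipaddress.ip_network(f"{real}/{mask}", strict=False)
        except ValueError:
            continue  # a keyword or name where an address was expected
        rules.append(dict(line=lineno, ifs=(real_if, mapped_if), mapped=mapped_net,
                          real=real_net, identity=mapped_net == real_net))
    return rules

def find_overlaps(rules):
    """Pairs on the same interface pair whose real or mapped ranges overlap."""
    hits = []
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            if a["ifs"] != b["ifs"]:
                continue
            kinds = [k for k in ("real", "mapped") if a[k].overlaps(b[k])]
            if kinds:
                hits.append((a["line"], b["line"], kinds))
    return hits

if __name__ == "__main__":
    rules = parse_statics(SAMPLE_CONFIG)
    for r in rules:
        print(r["line"], r["real"], "->", r["mapped"], "identity:", r["identity"])
    print(find_overlaps(rules))
```

The overlap report only marks statements for review; it does not model which statement the ASA will apply when ranges overlap.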
