What's the best way to do many NAT translations for WWW farm?

itburnout · ‎01-31-2012

Hello all, I hope this finds you in good spirits.

I have recently upgraded my ASA 5510 to 8.3 code and honestly I am confused on the best and most efficient way to do many nat translations through it. I have a group of about 100 IP's that need http/https/and sqlnet allowed through for our web farm.

I have a text file with the real and translated IP addresses and in 8.2 I could simply modify it and dump the thing in and make the NAT rules and access-lists. Now with the new object based model I am having a hard time wrapping my brain around how to do this using as few lines of code as possible.

Do I have to create an network object for each and every IP i want to nat through?

Thank you for your consideration!

Marvin Rhoads · ‎01-31-2012

Were your NATs not present in the pre-upgrade code? If they were, they should have been automatically rebuilt along with the recommended objects.

If they weren't, you can relatively easily make a little script of spreadsheet with some transforms to go from your text listing to the necessary network objects and new syntax nat rules.

It's also relatively easy to build them in ASDM and just copy, insert and modify down the list. You can even use the "Add Object" part of the GUI to also add the NAT rules at the same time: