Re: ASA 8.3 NAT question

From: Anthony Sequeira <terry.francona_at_gmail.com>
Date: Fri, 21 Sep 2012 12:05:16 -0400

Here is a Micro Nugget from the great Keith Barker for those that want a
peek at some of the new NAT on ASA.

http://www.youtube.com/watch?v=MjzDv6Cy6Is

Anthony Sequeira, CCIE, CCSI, VCP
http://www.stormwind.com
Twitter: @compsolv
Facebook: http://www.facebook.com/compsolv

On 9/20/12 11:14 PM, "Jay McMickle" <jay.mcmickle_at_yahoo.com> wrote:

>Ryan beat me to it, but yes, I agree with Ryan.
>
>8.3+ has been challenging to learn, but we're coming around!
>
>Regards,
>Jay McMickle- 3x CCNP (R&S,Security,Design), CCIE #35355 (R&S)
>
>________________________________
>From: Ryan West <rwest_at_zyedge.com>
>To: marc abel <marcabel_at_gmail.com>; Cisco certification <ccielab_at_groupstudy.com>
>Sent: Thursday, September 20, 2012 7:34 AM
>Subject: RE: ASA 8.3 NAT question
>
>On Tue, Sep 18, 2012 at 14:09:50, marc abel wrote:
>> Subject: OT: ASA 8.3 NAT question
>>
>> Sorry for the OT but I am banging my head in the documentation.
>>
>> In ASA 8.3 and later is it possible to use object-groups to do standard PAT?
>> The documentation seems to make it seem so but I can't find any examples.
>> The examples all just use plain Objects (not object-groups). When I
>> try a similar syntax under Object groups I don't see the same options.
>>
>
>hostname(config)# object network nat-range1
>hostname(config-network-object)# range 10.10.10.10 10.10.10.20
>hostname(config-network-object)# object network pat-ip1
>hostname(config-network-object)# host 10.10.10.21
>hostname(config-network-object)# object-group network nat-pat-grp
>hostname(config-network-object)# network-object object nat-range1
>hostname(config-network-object)# network-object object pat-ip1
>hostname(config-network-object)# object network outbound_NAT
>hostname(config-network-object)# subnet 10.76.11.0 255.255.255.0
>hostname(config-network-object)# nat (inside,outside) dynamic nat-pat-grp interface
>
>equivalent to
>
>access-list outbound-nat permit ip 10.76.11.0 255.255.255.0 any
>nat (inside) 10 access-list outbound-nat
>global (outside) 10 10.10.10.10-10.10.10.20 <- one to one range
>global (outside) 10 10.10.10.21 <- PAT
>global (outside) 10 interface <- exhaustion pool after 65535 xlates
>
>>
>> ASA(config-network-object)# nat ?
>>
>> network-object mode commands/options:
>>   (        Open parenthesis for (<real_if_name>,<mapped_if_name>) pair
>>            where <real_if_name> is the prenat interface and
>>            <mapped_if_name> is the postnat interface
>>   dynamic  Specify NAT type as dynamic
>>   static   Specify NAT type as static
>>
>>
>> ASA(config-network-object-group)# nat ?
>>
>> configure mode commands/options:
>>   (               Open parenthesis for (<internal_if_name>,<external_if_name>)
>>                   pair where <internal_if_name> is the Internal or prenat
>>                   interface and <external_if_name> is the External or postnat
>>                   interface
>>   <1-2147483647>  Position of NAT rule within before auto section
>>   after-auto      Insert NAT rule after auto section
>>   source          Source NAT parameters
>>
>>
>>
>> What I am trying to do is PAT a bunch of different subnets into the
>> same external IP without having to create an object for each individual subnet.
>> The subnets aren't contiguous so I can't just use a bigger mask or a range.
>>
>
>Use an object-group for this and do twice NAT with dynamic.
>
>Object-group network nat-alot-of-stuff
> Network-object 10.10.10.0 255.255.255.0
> Network-object 10.10.20.0 255.255.255.0
>
>nat (inside,outside) source dynamic nat-alot-of-stuff interface
>
>-ryan
>
>
>Blogs and organic groups at http://www.ccie.net
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html

Received on Fri Sep 21 2012 - 12:05:16 ART

This archive was generated by hypermail 2.2.0 : Mon Oct 01 2012 - 06:40:29 ART
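
Added example, not part of the thread and not Cisco tooling: a small Python sketch that rewrites the pre-8.3 `nat`/`global` pattern from Ryan's reply into the 8.3+ object-group and twice NAT form, generalised to several non-contiguous source subnets. Object names such as `nat10-real` are hypothetical, the second subnet in the sample is constructed, and only `permit ip <subnet> <mask> any` ACL entries are handled.

```python
import ipaddress

# Constructed sample: the thread's pre-8.3 lines plus a second, made-up subnet.
SAMPLE = """\
access-list outbound-nat permit ip 10.76.11.0 255.255.255.0 any
access-list outbound-nat permit ip 10.76.20.0 255.255.255.0 any
nat (inside) 10 access-list outbound-nat
global (outside) 10 10.10.10.10-10.10.10.20
global (outside) 10 10.10.10.21
global (outside) 10 interface
"""

def translate(legacy):
    """Map pre-8.3 'nat <id> access-list' + 'global <id>' lines to 8.3+ twice NAT."""
    acls, nats, globs = {}, {}, {}
    for raw in legacy.strip().splitlines():
        t = raw.split()
        if t[0] == "access-list" and t[2:4] == ["permit", "ip"] and t[6:] == ["any"]:
            ipaddress.ip_network(f"{t[4]}/{t[5]}")  # raises on a bad subnet/mask
            acls.setdefault(t[1], []).append(f"{t[4]} {t[5]}")
        elif t[0] == "nat" and t[3:4] == ["access-list"] and len(t) == 5:
            nats[t[2]] = (t[1].strip("()"), t[4])  # id -> (real ifc, ACL name)
        elif t[0] == "global" and len(t) == 4:
            globs.setdefault(t[2], (t[1].strip("()"), []))[1].append(t[3])
        else:
            raise ValueError(f"unsupported line: {raw!r}")
    out = []
    for nat_id, (real_if, acl) in nats.items():
        if nat_id not in globs or acl not in acls:
            raise ValueError(f"nat id {nat_id} has no matching global or ACL")
        mapped_if, pool = globs[nat_id]
        names = []  # hypothetical object names, one per range or PAT address
        for n, entry in enumerate((e for e in pool if e != "interface"), 1):
            addrs = [str(ipaddress.ip_address(a)) for a in entry.split("-")]
            names.append(f"nat{nat_id}-pool{n}")
            out.append(f"object network {names[-1]}")
            out.append((" range " if len(addrs) == 2 else " host ") + " ".join(addrs))
        mapped = f" nat{nat_id}-mapped" if names else ""
        if names:
            out.append(f"object-group network{mapped}")
            out += [f" network-object object {name}" for name in names]
        out.append(f"object-group network nat{nat_id}-real")
        out += [f" network-object {net}" for net in acls[acl]]
        tail = " interface" if "interface" in pool else ""
        out.append(f"nat ({real_if},{mapped_if}) source dynamic nat{nat_id}-real{mapped}{tail}")
    return out

if __name__ == "__main__":
    print("\n".join(translate(SAMPLE)))
```

The emitted rule carries no position keyword, so it lands in the section before the auto (object) NAT rules; the `after-auto` option shown in the quoted help output places it after them instead.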