Re: NAT question on ASA 8.3 or above from Ryan West on 2013-07-31 (Ccielab archives 07/2013)

From: Ryan West <rwest_at_zyedge.com>
Date: Wed, 31 Jul 2013 12:51:16 +0000

Probably have a dynamic nat before your static. Does it work for inbound, but not outbound?

Sent from handheld.

On Jul 31, 2013, at 8:31 AM, "Sadiq Yakasai" <sadiqtanko_at_gmail.com> wrote:

> Hi Myung-Soo,
>
> Your config looks good to me. See below a similar one I tested some time
> back.
>
> Perhaps something else on the configuration is interfering here? Can we see
> full configuration?
>
> HTH,
> Sadiq
>
> ASA5585(config)#
> ASA5585(config)#
> ASA5585(config)# sh run obje
> ASA5585(config)# sh run object
> object network NATTED_SUBNET
> subnet 10.82.6.128 255.255.255.192
> object network INSIDE_SUBNET
> subnet 10.82.6.0 255.255.255.192
> ASA5585(config)#
> ASA5585(config)#
> ASA5585(config)#
> ASA5585(config)#
> ASA5585(config)# sh run nat
> !
> object network INSIDE_SUBNET
> nat (inside,outside) static NATTED_SUBNET
> ASA5585(config)#
> ASA5585(config)#
> ASA5585(config)#
> ASA5585(config)# sh nat
>
> Auto NAT Policies (Section 2)
> 1 (inside) to (outside) source static INSIDE_SUBNET NATTED_SUBNET
> translate_hits = 2804, untranslate_hits = 2785
> ASA5585(config)#
> ASA5585(config)#
> ASA5585(config)# sh ver
>
> Cisco Adaptive Security Appliance Software Version 8.4(2)11
> Device Manager Version 6.3(5)
>
>
>
>
> On Wed, Jul 31, 2013 at 11:08 AM, Myung-Soo Ko <bacchus21_at_gmail.com> wrote:
>
>> Hello, Group
>>
>> I'm currently working on NAT configuration on ASA 8.3, but my old
>> configuration didn't work on newer version.
>>
>> I checked configuration guide and modified the following static NAT
>> configuration.
>> =====================================================================
>> Old(pre 8.3): static (outside,inside) 10.1.1.1 192.168.1.1 netmask
>> 255.255.255.255
>>
>> New(8.3): object network obj-192.168.1.1
>> host 192.168.1.1
>> nat(outside, inside) static 10.1.1.1
>> =====================================================================
>> I think it's correct configuration, but it didn't work properly. Any
>> correction? Please advise.
>>
>>
>> I have another configuration need to be checked. Please refer to the
>> following.
>> ===========================================================
>> object-group network CLIENTS_REAL
>> network-object 172.16.0.0 255.255.0.0
>>
>> nat (inside,outside) source dynamic CLIENTS_REAL interface
>> ===========================================================
>> In this case, I think configuration should remain the same on pre 8.3 and
>> 8.3. Any opinion??
>>
>> It would be greatly appreciated if anyone can give me some advice.
>>
>> Regards,
>> ----------------------------------------------
>> "An open mind opens doors."
>> $BL4$O?.$8$F$$$l$PI,$:3p$&!*!*!*(B
>> Myung-Soo Ko ($B9b(B $BL@^,(B)
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> --
> CCIEx2 (R&S|Sec) #19963
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Jul 31 2013 - 12:51:16 ART

This archive was generated by hypermail 2.2.0 : Thu Aug 01 2013 - 08:45:51 ART