Re: NAT question on ASA 8.3 or above

From: Myung-Soo Ko <bacchus21_at_gmail.com>
Date: Wed, 31 Jul 2013 23:06:11 +0900

Hello, all

Thank you so much for the replies.

I don't have any other NAT statements. If you say the order could be
important, which one should come first? Please advise.

Regards,
----------------------------------------------
"An open mind opens doors."
Dreams will surely come true if you believe in them!!!
Myung-Soo Ko

On Wed, Jul 31, 2013 at 10:56 PM, Marc La Porte <marc.a.laporte_at_gmail.com> wrote:

> Do you have other types of NAT statements, as then the order could be
> important
>
> On Wed, Jul 31, 2013 at 2:51 PM, Ryan West <rwest_at_zyedge.com> wrote:
>
>> Probably have a dynamic nat before your static. Does it work for inbound,
>> but not outbound?
>>
>> Sent from handheld.
>>
>> On Jul 31, 2013, at 8:31 AM, "Sadiq Yakasai" <sadiqtanko_at_gmail.com>
>> wrote:
>>
>> > Hi Myung-Soo,
>> >
>> > Your config looks good to me. See below a similar one I tested some time
>> > back.
>> >
>> > Perhaps something else on the configuration is interfering here? Can we
>> > see full configuration?
>> >
>> > HTH,
>> > Sadiq
>> >
>> > ASA5585(config)#
>> > ASA5585(config)#
>> > ASA5585(config)# sh run obje
>> > ASA5585(config)# sh run object
>> > object network NATTED_SUBNET
>> > subnet 10.82.6.128 255.255.255.192
>> > object network INSIDE_SUBNET
>> > subnet 10.82.6.0 255.255.255.192
>> > ASA5585(config)#
>> > ASA5585(config)#
>> > ASA5585(config)#
>> > ASA5585(config)#
>> > ASA5585(config)# sh run nat
>> > !
>> > object network INSIDE_SUBNET
>> > nat (inside,outside) static NATTED_SUBNET
>> > ASA5585(config)#
>> > ASA5585(config)#
>> > ASA5585(config)#
>> > ASA5585(config)# sh nat
>> >
>> > Auto NAT Policies (Section 2)
>> > 1 (inside) to (outside) source static INSIDE_SUBNET NATTED_SUBNET
>> > translate_hits = 2804, untranslate_hits = 2785
>> > ASA5585(config)#
>> > ASA5585(config)#
>> > ASA5585(config)# sh ver
>> >
>> > Cisco Adaptive Security Appliance Software Version 8.4(2)11
>> > Device Manager Version 6.3(5)
>> >
>> >
>> >
>> >
>> > On Wed, Jul 31, 2013 at 11:08 AM, Myung-Soo Ko <bacchus21_at_gmail.com>
>> > wrote:
>> >
>> >> Hello, Group
>> >>
>> >> I'm currently working on NAT configuration on ASA 8.3, but my old
>> >> configuration didn't work on the newer version.
>> >>
>> >> I checked the configuration guide and modified the following static NAT
>> >> configuration.
>> >> =====================================================================
>> >> Old(pre 8.3): static (outside,inside) 10.1.1.1 192.168.1.1 netmask
>> >> 255.255.255.255
>> >>
>> >> New(8.3): object network obj-192.168.1.1
>> >> host 192.168.1.1
>> >> nat(outside, inside) static 10.1.1.1
>> >> =====================================================================
>> >> I think it's the correct configuration, but it didn't work properly. Any
>> >> correction? Please advise.
>> >>
>> >>
>> >> I have another configuration that needs to be checked. Please refer to the
>> >> following.
>> >> ===========================================================
>> >> object-group network CLIENTS_REAL
>> >> network-object 172.16.0.0 255.255.0.0
>> >>
>> >> nat (inside,outside) source dynamic CLIENTS_REAL interface
>> >> ===========================================================
>> >> In this case, I think configuration should remain the same on pre 8.3 and
>> >> 8.3. Any opinion??
>> >>
>> >> It would be greatly appreciated if anyone can give me some advice.
>> >>
>> >> Regards,
>> >> ----------------------------------------------
>> >> "An open mind opens doors."
>> >> Dreams will surely come true if you believe in them!!!
>> >> Myung-Soo Ko
>> >>
>> >>
>> >> Blogs and organic groups at http://www.ccie.net
>> >>
>> >> _______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> > --
>> > CCIEx2 (R&S|Sec) #19963
>> >

Received on Wed Jul 31 2013 - 23:06:11 ART
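
On the ordering question raised in this thread, the following is an added example (not written by any poster) that sorts the NAT rules of a running-config into the ASA 8.3+ lookup order: Section 1 manual NAT in configuration order, Section 2 object NAT in the order the ASA itself imposes (static before dynamic, fewest real addresses first), Section 3 manual NAT entered with `after-auto`. The sample config is constructed from the objects quoted above, and `evaluation_order` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed running-config, modeled on the objects quoted in the thread.
SAMPLE = """\
object network obj-192.168.1.1
 host 192.168.1.1
 nat (outside,inside) static 10.1.1.1
object network INSIDE_SUBNET
 subnet 10.82.6.0 255.255.255.192
 nat (inside,outside) static NATTED_SUBNET
nat (inside,outside) source dynamic CLIENTS_REAL interface
"""

def evaluation_order(config):
    """Hypothetical helper: (section, rule) pairs in ASA 8.3+ lookup order."""
    manual, auto, after, nets, obj = [], [], [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"object network (\S+)", line):
            obj = m.group(1)
        elif m := re.match(r"host (\S+)", line):
            nets[obj] = ipaddress.ip_network(m.group(1) + "/32")
        elif m := re.match(r"subnet (\S+) (\S+)", line):
            nets[obj] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"nat \(\S+?,\S+?\) (after-auto )?source ", line):
            # Manual (twice) NAT: Section 1, or Section 3 with after-auto.
            (after if m.group(1) else manual).append(line)
        elif m := re.match(r"nat \(\S+?,\S+?\) (static|dynamic) ", line):
            net = nets.get(obj)
            if net is None:
                continue  # object definition not seen; cannot rank the rule
            # Section 2 key: static before dynamic, fewest real addresses
            # first, then lowest address, then object name.
            key = (m.group(1) != "static", net.num_addresses,
                   int(net.network_address), obj)
            auto.append((key, f"object {obj}: {line}"))
    ordered = [(1, r) for r in manual]            # config order, first match
    ordered += [(2, r) for _, r in sorted(auto)]  # order chosen by the ASA
    ordered += [(3, r) for r in after]            # config order, first match
    return ordered

if __name__ == "__main__":
    for section, rule in evaluation_order(SAMPLE):
        print(f"Section {section}: {rule}")
```

On the device itself, `sh nat` prints the same sections, as in the "Auto NAT Policies (Section 2)" output quoted earlier in the thread.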

This archive was generated by hypermail 2.2.0 : Thu Aug 01 2013 - 08:45:51 ART