Re: NAT question on ASA 8.3 or above from Henrique Reis on 2013-07-31 (Ccielab archives 07/2013)

From: Henrique Reis <reis.henrique_at_gmail.com>
Date: Wed, 31 Jul 2013 11:31:19 -0300

Myung,

On version pos 8.3 the NAT id divided in the 3 sections and each section
have your priority over the other.

Bellow are the sections:

Manual NAT Policies (Section 1)
Auto NAT Policies (Section 2)
Manual NAT [with command "after auto"] Policies (Section 3)

Please see if you don$B!-(Bt have any manual NAT.

Thanks,
Henrique Reis

On Wed, Jul 31, 2013 at 11:06 AM, Myung-Soo Ko <bacchus21_at_gmail.com> wrote:

> Hello, all
>
> Thank you so much for the replies.
>
> I don't have any other NAT statements. If you say the order could be
> important, which one should come first? Please advise.
>
> Regards,
> ----------------------------------------------
> "An open mind opens doors."
> $BL4$O?.$8$F$$$l$PI,$:3p$&!*!*!*(B
> Myung-Soo Ko ($B9b(B $BL@^,(B)
>
>
> On Wed, Jul 31, 2013 at 10:56 PM, Marc La Porte <marc.a.laporte_at_gmail.com
> >wrote:
>
> > Do you have other types of NAT statements, as then the order could be
> > important
> >
> > On Wed, Jul 31, 2013 at 2:51 PM, Ryan West <rwest_at_zyedge.com> wrote:
> >
> >> Probably have a dynamic nat before your static. Does it work for
> inbound,
> >> but not outbound?
> >>
> >> Sent from handheld.
> >>
> >> On Jul 31, 2013, at 8:31 AM, "Sadiq Yakasai" <sadiqtanko_at_gmail.com>
> >> wrote:
> >>
> >> > Hi Myung-Soo,
> >> >
> >> > Your config looks good to me. See below a similar one I tested some
> time
> >> > back.
> >> >
> >> > Perhaps something else on the configuration is interfering here? Can
> we
> >> see
> >> > full configuration?
> >> >
> >> > HTH,
> >> > Sadiq
> >> >
> >> > ASA5585(config)#
> >> > ASA5585(config)#
> >> > ASA5585(config)# sh run obje
> >> > ASA5585(config)# sh run object
> >> > object network NATTED_SUBNET
> >> > subnet 10.82.6.128 255.255.255.192
> >> > object network INSIDE_SUBNET
> >> > subnet 10.82.6.0 255.255.255.192
> >> > ASA5585(config)#
> >> > ASA5585(config)#
> >> > ASA5585(config)#
> >> > ASA5585(config)#
> >> > ASA5585(config)# sh run nat
> >> > !
> >> > object network INSIDE_SUBNET
> >> > nat (inside,outside) static NATTED_SUBNET
> >> > ASA5585(config)#
> >> > ASA5585(config)#
> >> > ASA5585(config)#
> >> > ASA5585(config)# sh nat
> >> >
> >> > Auto NAT Policies (Section 2)
> >> > 1 (inside) to (outside) source static INSIDE_SUBNET NATTED_SUBNET
> >> > translate_hits = 2804, untranslate_hits = 2785
> >> > ASA5585(config)#
> >> > ASA5585(config)#
> >> > ASA5585(config)# sh ver
> >> >
> >> > Cisco Adaptive Security Appliance Software Version 8.4(2)11
> >> > Device Manager Version 6.3(5)
> >> >
> >> >
> >> >
> >> >
> >> > On Wed, Jul 31, 2013 at 11:08 AM, Myung-Soo Ko <bacchus21_at_gmail.com>
> >> wrote:
> >> >
> >> >> Hello, Group
> >> >>
> >> >> I'm currently working on NAT configuration on ASA 8.3, but my old
> >> >> configuration didn't work on newer version.
> >> >>
> >> >> I checked configuration guide and modified the following static NAT
> >> >> configuration.
> >> >> =====================================================================
> >> >> Old(pre 8.3): static (outside,inside) 10.1.1.1 192.168.1.1 netmask
> >> >> 255.255.255.255
> >> >>
> >> >> New(8.3): object network obj-192.168.1.1
> >> >> host 192.168.1.1
> >> >> nat(outside, inside) static 10.1.1.1
> >> >> =====================================================================
> >> >> I think it's correct configuration, but it didn't work properly. Any
> >> >> correction? Please advise.
> >> >>
> >> >>
> >> >> I have another configuration need to be checked. Please refer to the
> >> >> following.
> >> >> ===========================================================
> >> >> object-group network CLIENTS_REAL
> >> >> network-object 172.16.0.0 255.255.0.0
> >> >>
> >> >> nat (inside,outside) source dynamic CLIENTS_REAL interface
> >> >> ===========================================================
> >> >> In this case, I think configuration should remain the same on pre 8.3
> >> and
> >> >> 8.3. Any opinion??
> >> >>
> >> >> It would be greatly appreciated if anyone can give me some advice.
> >> >>
> >> >> Regards,
> >> >> ----------------------------------------------
> >> >> "An open mind opens doors."
> >> >> $BL4$O?.$8$F$$$l$PI,$:3p$&!*!*!*(B
> >> >> Myung-Soo Ko ($B9b(B $BL@^,(B)
> >> >>
> >> >>
> >> >> Blogs and organic groups at http://www.ccie.net
> >> >>
> >> >>
> _______________________________________________________________________
> >> >> Subscription information may be found at:
> >> >> http://www.groupstudy.com/list/CCIELab.html
> >> >
> >> >
> >> > --
> >> > CCIEx2 (R&S|Sec) #19963
> >> >
> >> >
> >> > Blogs and organic groups at http://www.ccie.net
> >> >
> >> >
> _______________________________________________________________________
> >> > Subscription information may be found at:
> >> > http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Jul 31 2013 - 11:31:19 ART

This archive was generated by hypermail 2.2.0 : Thu Aug 01 2013 - 08:45:51 ART