dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
709
share rss forum feed

mtrem101

join:2013-07-14

ASA 8.4(1) questions

Hi -

I didnt post a config bc my question is real basic.

What type of NAT or PAT do I use if I want to use a single static IP on the outside, and a 172.16.0.0/24 net on the inside?

This is driving me crazy. I have been working on it all day - trying different things - I started with the CLI and then tried ASDM.

I started today by doing a config factory-default; write mem; reload

I have a pool of 5 static IPs but just want to use one. Im almost ready to scrap this stupid ASA. I bought it to practice on, but its become so complicated. Sorry for the rant but its been a long day. I do not know how you Cisco experts can remember all of the nuances of the different commands plus all of the router and switch commands...and then all the other stuff that you know. Its almost too much.

Thanks for any help!
Mark


hellohello

join:2013-06-28
Detroit, MI
Setup NAT Overload

markysharkey
Premium
join:2012-12-20
united kingd
reply to mtrem101
NAT overload = PAT...

m1979

join:2011-04-17
reply to mtrem101
Check this video, you need dynamic PAT

»www.youtube.com/watch?v=dM5xHY2rwbo


ASDM is good enough to manage this box but be more patient and learn some basics before throwing it away. It is a good device

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to mtrem101
IIRC, the base config on the ASA already is setup for basic PAT, unless ASA above 8.2 does something wierd... again.

Believe me, don't let you getting frustrated over this kind of thing think you're alone in the world of Cisco.
Me personally I've had 6+ years at this, and I can STILL screw up stupidly with the best of em.

Regards


ua_hockey

join:2003-08-07
Columbus, OH
reply to mtrem101
To quickly answer your question, this should work:

nat (inside,outside) source dynamic any interface

or

object-group network obj-172.16.0.0
network-object 172.16.0.0 255.255.255.0

nat (inside,outside) source dynamic obj-172.16.0.0 interface

Assuming you want to hide the traffic behind the IP address of your "outside" interface.