PAT with an object group on a PIX or ASA

typertec
Hi Experts,

Is it possible to PAT using an object group?

For example, if I have multiple networks that I want to PAT out of a single IP, how would I do it? I can group the multiple networks into one object group but how will the PAT statement look?

Please offer sample commands.
Commented:
Hi,

Depending on how many networks you have, you have 3 options (using 55.55.55.55 as a sample public IP for PAT):

1) NAT all internal:

nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 55.55.55.55

2) Individual nat statements

nat (inside) 1 10.10.10.0 255.255.255.0
nat (inside) 1 10.10.20.0 255.255.255.0
nat (inside) 1 10.10.30.0 255.255.255.0
global (outside) 1 55.55.55.55



3) Policy nat access-list

object-group network nat-addresses
 network-object 10.10.10.0 255.255.255.0
 network-object 10.10.20.0 255.255.255.0
 network-object 10.10.30.0 255.255.255.0

access-list nat-outbound permit ip object-group nat-addresses any

nat (inside) 1 access-list nat-outbound
global (outside) 1 55.55.55.55

hth
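
The commands in the answer above use the pre-8.3 nat/global syntax. As an added example (not part of the original answer), here is the same PAT for the object group in the twice-NAT syntax of ASA 8.3 and later; the object name pat-address is an assumption, while the group and the sample address 55.55.55.55 are taken from the answer.

```cisco
! Added example: ASA 8.3+ equivalent of option 3.
! nat/global pairs tied together by a nat_id were removed in 8.3.
! The object name "pat-address" is hypothetical.
object-group network nat-addresses
 network-object 10.10.10.0 255.255.255.0
 network-object 10.10.20.0 255.255.255.0
 network-object 10.10.30.0 255.255.255.0
!
object network pat-address
 host 55.55.55.55
!
! Dynamic PAT: only sources that match nat-addresses are translated
! to 55.55.55.55; other inside networks are left untranslated by this rule.
nat (inside,outside) source dynamic nat-addresses pat-address
!
! Verify the rule, its hit counts and the active translations
show nat detail
show xlate
```

Keeping the translated sources in one object group means the set of networks allowed out through the PAT address is reviewed and changed in a single place.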

Author

Commented:
Well DONE!
