Translate a Pool of Inside Addresses to a Pool of Outside Addresses

Before you begin

Create a network object for the pool of private IP addresses you want to translate and create a network object for the pool of public addresses you want to translate those private IP addresses into.

For the ASA, the "original address" pool, (the pool of private IP addresses you want to translate) can be a network object with a range of addresses, a network object that defines a subnet, or a network group that includes all the addresses in the pool. For the FTD, the "original address" pool can be a network object that defines a subnet or a network group that includes all the addresses in the pool.

Note

For the ASA FTD, the network group that defines the pool of "translated address" cannot be a network object that defines a subnet.

When creating these address pools, use Create or Edit ASA Network Objects and Network Groups use Create or Edit a Firepower Network Object or Network Group for instructions.

For the sake of the following procedure, we named the pool of private addresses, inside_pool and name the pool of public addresses, outside_pool.

Procedure

Step 1

In the left pane, click Inventory.

Step 2

Click the Devices tab to locate the device or the Templates tab to locate the model device.

Step 3

Click the appropriate device type tab.

Step 4

Select the device you want to create the NAT rule for.

Step 5

Click NAT in the Management pane at the right.

Step 6

Click > Network Object NAT.

Step 7

In section 1, Type, select Dynamic and click Continue.

Step 8

In section 2, Interfaces, set the source interface to inside and the destination interface to outside. Click Continue.

Step 9

In section 3, Packets, perform these tasks:

  • For the Original Address, click Choose and then select the inside_pool network object (or network group) you made in the prerequisites section above.

  • For the Translated Address, click Choose and then select the outside_pool network object (or network group) you made in the prerequisites section above.

Step 10

Skip section 4, Advanced.

Step 11

For an FDM-managed device, in section 5, Name, give the NAT rule a name.

Step 12

Click Save.

Step 13

Review and deploy now the changes you made, or wait and deploy multiple changes at once.

Entries in the ASA's Saved Configuration File

These are the entries that would appear in an ASA's saved configuration file as a result of these procedures.

Note

This does not apply to FDM-managed devices.

Objects created by this procedure

object network outside_pool
    range 209.165.1.1 209.165.1.255
object network inside_pool
    range 10.1.1.1 10.1.1.255

NAT rules created by this procedure

object network inside_pool
nat (inside,outside) dynamic outside_pool