Sunday, August 16, 2020

ASA Object group for interface set to DHCP

ASA 5506 running 9.8(2)28

I am trying to create object groups for 2 isolated LANs that need WAN access, or put another way, I'm trying to NAT 2 isolated networks to the same WAN interface/address. My WAN interface is set to DHCP. I am struggling to understand how I should go about doing this. Here is the NAT statement I am working on. In parentheses are the object groups, first the LAN group and then the group I want to map to. I would create a separate NAT statement for each LAN network I have.

nat (INSIDE,OUTSIDE) source dynamic (LAN object group) (Object group for WAN interface?) destination static interface

My understanding is that the group I am mapping to is the outside WAN network address. But my address is DHCP from the ISP. I don't know if my address has actually ever changed, but say it does, my network would go down. Am I completely wrong in my approach? I just started diving into this topic this weekend, so I'm still working to understand how it all works.
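For reference, a configuration sketch of dynamic PAT to a DHCP-addressed interface on ASA 8.3 and later, added here as an example and not part of the original post. The object names, the second interface name LAN2 and both subnets are assumptions; INSIDE and OUTSIDE are the names used in the post.

```cisco
! Added example. LAN1_NET, LAN2_NET, the interface name LAN2 and both
! subnets are assumed values; substitute the real ones.
object network LAN1_NET
 subnet 192.168.10.0 255.255.255.0
object network LAN2_NET
 subnet 192.168.20.0 255.255.255.0
!
! Dynamic PAT. The mapped address is the keyword "interface", not an
! object: the ASA translates to whatever address OUTSIDE currently
! holds, so no object describing the WAN address is defined.
! One rule per real interface, because each LAN sits behind its own
! interface (assumption: the second LAN's interface is named LAN2).
nat (INSIDE,OUTSIDE) source dynamic LAN1_NET interface
nat (LAN2,OUTSIDE) source dynamic LAN2_NET interface
!
! Equivalent object-NAT form, configured inside the object itself
! (use one form or the other, not both):
! object network LAN1_NET
!  nat (INSIDE,OUTSIDE) dynamic interface
!
! Checks to run from privileged EXEC after traffic has passed:
!   show nat detail   (rule order and hit counts)
!   show xlate        (active translations and the mapped address)
```

Because the mapped side is the `interface` keyword, the rules follow the DHCP lease and need no change if the ISP assigns a different address. NAT only translates addresses; keeping the two LANs isolated from each other still depends on interface security levels and access lists.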


