We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 546 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)


297 New Members signed up the last 30 days!


100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,

Notable Replies

  1. Hi Rene,

    I dont know exactly what topic to place this question in thats why i am placing it here
    i got an opportunity for 3 days to work under a CCIE who was very rude and did not bother to ask him any questions as i knew he was not interested in explaining

    i was able to understand all bits till core SW through knowledge of your tutorials on VLAN and routing ,However cannot understand few bits in design at this point

    They got a public IP block from ISP lets say 30 host count

    Now the way the IP are assigned is as - => ISP router LAN interface connecting to my ASA
    - => Outside interface of my ASA

    Then there is CORE-SW- with different and server VLAN and few servers connected to server-vlan and require public access to them (web and email)[no-dmz].

    For the purpose hiding internal IP-scheme NAT is configured at ASA pointing to server as follows ===NAT===>> ....

    So after all this lines my Question WHICH INTERFACE THIS IP - - is assigned ,Where does this IP reside

    -Do this IP remain in company network

    please explain -As i know no one can expalain better than you in simple way


    Thanks in ADVANCE

  2. net2 says:

    Hi Rene,

    If I have many subnets inside my local network.
    How can I PAT all of subnets?

    Thank you!

  3. i did not understand that answer and did not expect this kind of answer

    thanks you any way

    that was help ful

  4. @Asi

    When you configure an IP address on the ASA then your ASA will know which IP addresses belong to the subnet. For example, let's say you have subnet

    Once you configure on the outside interface, your ASA knows that this is a subnet with 30 addresses. You can use any of the addresses in this subnet for NAT and you don't have to configure these addresses on the interface. Just make sure that it's not in use...


    You could use object groups to "bundle" multiple network objects. You could also configure a bigger subnet range in the network object.


  5. ASA1(config)# object network INSIDE
    ASA1(config-network-object)# subnet
    ASA1(config-network-object)# nat (INSIDE,OUTSIDE) dynamic
    this tells our firewall to translate traffic from the /24 subnet headed towards the OUTSIDE to IP address If you configure the IP address like this then it has to be an IP address that is not in use on the interface. For example, when I try to use (that’s the IP address on the OUTSIDE interface) then I will get an error

    Hi Rene,

    Can you please explain from the above statement if is INSIDE GLOBAL OR DESTINATION IP in the packet that is sourced from INSIDE?

Continue the discussion forum.networklessons.com

4 more replies