Cisco Defense Orchestrator

Translate a Range of Private IP Addresses to a Range of Public IP Addresses

About this Use Case

Use this approach if you have a group of specific device types, or user types, that need to have their IP addresses translated to a specific range so that the receiving devices (the devices on the other end of the transaction) allow the traffic in.

Prerequisite

Create one network object for the pool of private IP addresses you want to translate and another network object for the pool of public addresses you want to translate those private IP addresses into. For the following procedure, we named the pool of private addresses inside_pool and the pool of public addresses outside_pool.

Use Create Network Objects to create the network objects.

Translate a Pool of Inside Addresses to a Pool of Outside Addresses

  1. From the Devices & Services page, select the device for which you want to create the network address translation (NAT) rule.
  2. Click + Create NAT Rule > Network Object NAT.
  3. In section 1, select Dynamic and click Continue.
  4. In section 2, set the source interface to inside and the destination interface to outside. Click Continue.
  5. In section 3, perform these tasks:
     • For the Original Address, click Choose and then select the inside_pool object you made in the prerequisites section above.
     • For the Translated Address, click Choose and then select the outside_pool object you made in the prerequisites section above.
  6. Click Save.
  7. Return to the Devices & Services page, select the ASA on which you made this change, and Write changes... to the ASA.

 

Entries in the ASA's Saved Configuration File

These are the entries that would appear in the ASA's saved configuration file as a result of these procedures.

Objects created by this procedure

object network outside_pool
   range 209.165.1.1 209.165.1.255
object network inside_pool
   range 10.1.1.1 10.1.1.255

NAT rule created by this procedure

object network inside_pool
   nat (inside,outside) dynamic outside_pool
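
A way to check these saved-configuration entries after writing them to the ASA, as an added example that is not part of the original page or Cisco's tooling: it parses the object and NAT lines shown above and reports a rule whose original range is not private, whose translated range is private, or whose translated pool is smaller than the original pool. The function names and the pool-size check are assumptions of this example; the size check goes beyond the page, because dynamic NAT hands out mapped addresses as hosts connect and a smaller pool can run out.

```python
import ipaddress
import re

# Constructed sample: the saved-configuration entries shown on this page.
SAMPLE_CONFIG = """\
object network outside_pool
   range 209.165.1.1 209.165.1.255
object network inside_pool
   range 10.1.1.1 10.1.1.255
object network inside_pool
   nat (inside,outside) dynamic outside_pool
"""

def parse_config(config):
    """Return ({object: (first_ip, last_ip)}, [(real_obj, real_if, mapped_if, mapped_obj)])."""
    ranges, rules, current = {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"object network (\S+)", line):
            current = m.group(1)
        elif current and (m := re.fullmatch(r"range (\S+) (\S+)", line)):
            ranges[current] = tuple(ipaddress.ip_address(a) for a in m.groups())
        elif current and (m := re.fullmatch(r"nat \((\S+),(\S+)\) dynamic (\S+)", line)):
            rules.append((current, *m.groups()))
    return ranges, rules

def pool_size(ip_range):
    """Number of addresses in an inclusive (first, last) range."""
    return int(ip_range[1]) - int(ip_range[0]) + 1

def audit(config):
    """Return a list of findings for each range-to-range dynamic NAT rule."""
    ranges, rules = parse_config(config)
    findings = []
    for real, real_if, mapped_if, mapped in rules:
        if real not in ranges or mapped not in ranges:
            findings.append(f"{real} -> {mapped}: not a range-to-range rule, skipped")
            continue
        if not all(ip.is_private for ip in ranges[real]):  # checks both endpoints
            findings.append(f"{real}: original range endpoints are not both private")
        if any(ip.is_private for ip in ranges[mapped]):
            findings.append(f"{mapped}: translated range has a private endpoint")
        real_n, mapped_n = pool_size(ranges[real]), pool_size(ranges[mapped])
        if mapped_n < real_n:
            findings.append(f"{mapped}: {mapped_n} mapped addresses for {real_n} real "
                            "addresses; the pool can be exhausted")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "no findings")
```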