Here is the topology and the entire config can be downloaded here.
Inside LAN (10.1.1.0/24) subnet should be dynamically translated to one of the IP addresses from the POOL (22.214.171.124/24).
CISCOASA# interface GigabitEthernet0 nameif inside-int !!Security Level should be set to something higher than the outside interface. I set it to !!0 here because I didn't want to mess around with ACLs. security-level 0 ip address 10.1.1.1 255.255.255.0 ! interface GigabitEthernet1 nameif outside-int security-level 0 ip address 192.168.2.1 255.255.255.0 !
Let's get R1 configured so we have something outside of the ASA to send traffic to.
R1# ! !!Set up the interface interface FastEthernet1/0 description connected_to_asa ip address 192.168.2.2 255.255.255.0 duplex auto speed auto ! !!Set up a static route so R1 has a route back to the ASA NAT POOL ip route 126.96.36.199 255.255.255.0 192.168.2.1
Alright now let's move on to the actual NAT config on the ASA.
CISCOASA# ! !!Create an object referencing the range of outside addresses that the inside IPs !!!are translated to. object network my-range-obj range 188.8.131.52 184.108.40.206 ! !!Create an object referencing the range of inside addresses and apply the NAT command. object network my-inside-net subnet 10.1.1.0 255.255.255.0 !!NAT inside interface range specified above dynamically to the object "my-range-obj" !!!(220.127.116.11-18.104.22.168) nat (inside,outside) dynamic my-range-obj !
Now ASA will dynamically convert anything coming from 10.1.1.0/24 to one of the POOL addresses (22.214.171.124-126.96.36.199).
Let's verify by pinging from a host inside (in this case it is 10.1.1.254) to the IP on R1.
As you can see pinging from 10.1.1.254 is translated to an IP address in the 188.8.131.52-.253 range.
Many more articles to come so stay tuned.
Please reshare/subscribe/comment/+1 if you like my posts as it keeps me motivated to write more and spread the knowledge.