natting on firewall

Unanswered Question
Nov 7th, 2007

Hi all, can anyone tell me the command for natting to the outside interface address for all my internal users internet access, i know on my router its ip nat inside source list 1 interface dialler1 overload.

what is the command on the asa for this ?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Jon Marshall Wed, 11/07/2007 - 12:10


nat (inside) 1

global (outside) 1 interface

Assuming you have called the inside interface "inside" and the outside interface "outside".



Jon Marshall Thu, 11/08/2007 - 02:42

The global command is needed to tie it to the relevant NAT command ie

nat (inside) 1

says NAT all addresses ariiving on the inside interface BUT it doesn't tell you what you want to NAT it to. That is what the global command does

global (outside) 1 interface

Notice the same index number (1) has been used in the nat and global statements.


carl_townshend Thu, 11/08/2007 - 08:57

can you explain a little more on the global command and the outside command ? ie do you need to specify the outside interface name ie outside interface eth1 ?

Jon Marshall Thu, 11/08/2007 - 12:09

Hi Carl

Sorry i missed this before.

To answer your first question. To create a static translation

static (inside,outside) netmask

means - present the internal address of as to the outside of the pix.

As for the global command

nat (inside) 1

global (outside) 1

means Nat all internal address to the ip address

using the command

global (outside) 1 interface

is just shorthand really to say NAT all inside addresses to the address of the pix outside interface. You don't need to use the actual physical interface name ie. eth1 because the pix/asa device refers to the eth1 interface as "outside".

Hope this makes sense



This Discussion