Unanswered Question
Sep 13th, 2008

HI, i have already installed an ASA 5505. My service provider only led me one ip address public. Can i do create Static NAT to my services (web, ftp) with ip address of ASA.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JORGE RODRIGUEZ Sat, 09/13/2008 - 17:05

Yes you can, use the outside interface for static inbound connections, if your ISP is only giving you one public IP for your ASA outside interface addressing.

say your inside network is network and have webserver at, ftp server at, and telnet server at

the static commands and acl would be similar to :

Static entries

static (inside,outside) tcp interface 80 80 netmask

static (inside,outside) tcp interface 21 21 netmask

static (inside,outside) tcp interface 23 23 netmask

and so on

maybe create a tcp object group for these services to apply to an acl

object-group service TEST tcp

port-object eq 80

port-object eq 21

port-object eq 23

create the acl and apply it to outside interface

access-list outside_access_in extended permit tcp any interface outside object-group TEST log

access-group outside_access_in in interface outside



PLS rate any helpful post


This Discussion