Source PAT for incoming traffic in ASA

Unanswered Question
Mar 8th, 2009
User Badges:

Hi Experts,

One of my connectivity project i am working on requires traffic flowing through the ASA to reach the server sitting behind the ASA. However, the source of the traffic has IP address in the Private IP ranges. As our organization also uses similar IP address range for internal connectivity, i have to do many to one translation of the sources.

Appreciate if I could get insight on how to achieve this in ASA.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Sun, 03/08/2009 - 07:29
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Source addresses =

nat (outside) 1 outside

global (inside) 1 interface

Note you can choose any IP address to NAT the source addresses to but from within your network it must be routed to the inside interface of the ASA. So instead of

global (inside) 1 interface

you could use

global (inside) 1

your internal network devices would then have to route back to the inside interface of the ASA.


cannan.ilangova... Mon, 03/09/2009 - 00:04
User Badges:

Hi Jon,

thanks for your reply to this thread...that cleared my doubt too...

is it also possible to use policy based NAT in this scenario... say i have three different subnets as source

source1 =

source2 =

source3 =

destination =


i create an object group in ASA

object-group network InBoundAccess




i then apply a policy like this

access-list inboundaccess extended permit ip object-group InBoundAccess host

i use this policy to do the NAT like this..

nat (outside) 1 access-list inboundaccess

global (inside) 1 netmask

i add appropriate routes for in my internal network devices...

will this help?


This Discussion