Source PAT for incoming traffic in ASA

Unanswered Question
Mar 8th, 2009

Hi Experts,

One of my connectivity project i am working on requires traffic flowing through the ASA to reach the server sitting behind the ASA. However, the source of the traffic has IP address in the Private IP ranges. As our organization also uses similar IP address range for internal connectivity, i have to do many to one translation of the sources.

Appreciate if I could get insight on how to achieve this in ASA.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Sun, 03/08/2009 - 07:29

Source addresses =

nat (outside) 1 outside

global (inside) 1 interface

Note you can choose any IP address to NAT the source addresses to but from within your network it must be routed to the inside interface of the ASA. So instead of

global (inside) 1 interface

you could use

global (inside) 1

your internal network devices would then have to route back to the inside interface of the ASA.


cannan.ilangova... Mon, 03/09/2009 - 00:04

Hi Jon,

thanks for your reply to this thread...that cleared my doubt too...

is it also possible to use policy based NAT in this scenario... say i have three different subnets as source

source1 =

source2 =

source3 =

destination =


i create an object group in ASA

object-group network InBoundAccess




i then apply a policy like this

access-list inboundaccess extended permit ip object-group InBoundAccess host

i use this policy to do the NAT like this..

nat (outside) 1 access-list inboundaccess

global (inside) 1 netmask

i add appropriate routes for in my internal network devices...

will this help?


This Discussion