ASA : PAT question

Unanswered Question
Mar 14th, 2009

Hi: I had question on the working of PAT.

I have one Public IP address, I would like to perform PAT. The Firewall is not allowing me. Is there a way to configure PAT with one Public IP address. This Public IP address is also the external interface IP address.

would appreciate the help

thank you

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
JamesLuther Sat, 03/14/2009 - 11:12


The two lines below (which you have) will do PAT with one public IP

global (outside) 1 interface

nat (inside) 1

However I'm not sure what this line is doing as the ACL doesn't exist

nat (inside) 0 access-list inside_nat0_outbound

Nat 0 statemnts with an ACL are processed first, if there is no ACL then i'm not sure what the behaviour might be (accept all or deny all?). Try removing this line from the configuration


ksnarayan43 Sat, 03/14/2009 - 11:23

thank you James.

I will remove the NAT statement.

Do i need to define Public IP address?


global (outside) 1


JamesLuther Sat, 03/14/2009 - 11:30


If you want your PAT IP to be different than the interface IP then you define it.

However as you only have one public IP then just use the interface option ie

global (outside) 1 interface


JamesLuther Sat, 03/14/2009 - 11:31

BTW, please post to say if this solves your problem as I would be interested to know.



This Discussion