ASA : PAT question

Unanswered Question
Mar 14th, 2009
User Badges:

Hi: I had question on the working of PAT.


I have one Public IP address, I would like to perform PAT. The Firewall is not allowing me. Is there a way to configure PAT with one Public IP address. This Public IP address is also the external interface IP address.


would appreciate the help


thank you



Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
JamesLuther Sat, 03/14/2009 - 11:12
User Badges:
  • Silver, 250 points or more

Hi,


The two lines below (which you have) will do PAT with one public IP


global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0


However I'm not sure what this line is doing as the ACL doesn't exist


nat (inside) 0 access-list inside_nat0_outbound


Nat 0 statemnts with an ACL are processed first, if there is no ACL then i'm not sure what the behaviour might be (accept all or deny all?). Try removing this line from the configuration



Regards

ksnarayan43 Sat, 03/14/2009 - 11:23
User Badges:

thank you James.


I will remove the NAT statement.


Do i need to define Public IP address?

example

global (outside) 1 10.1.1.254


thx

JamesLuther Sat, 03/14/2009 - 11:30
User Badges:
  • Silver, 250 points or more

Hi,


If you want your PAT IP to be different than the interface IP then you define it.


However as you only have one public IP then just use the interface option ie


global (outside) 1 interface



Regards

JamesLuther Sat, 03/14/2009 - 11:31
User Badges:
  • Silver, 250 points or more

BTW, please post to say if this solves your problem as I would be interested to know.


Thanks

ksnarayan43 Sat, 03/14/2009 - 11:44
User Badges:

thanks James. I will test it and post if it solves the problem

thx

Actions

This Discussion