ASA : PAT question

ksnarayan43 · ‎03-14-2009

Hi: I had question on the working of PAT.

I have one Public IP address, I would like to perform PAT. The Firewall is not allowing me. Is there a way to configure PAT with one Public IP address. This Public IP address is also the external interface IP address.

would appreciate the help

thank you

JamesLuther · ‎03-14-2009

Hi,

The two lines below (which you have) will do PAT with one public IP

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

However I'm not sure what this line is doing as the ACL doesn't exist

nat (inside) 0 access-list inside_nat0_outbound

Nat 0 statemnts with an ACL are processed first, if there is no ACL then i'm not sure what the behaviour might be (accept all or deny all?). Try removing this line from the configuration

Regards

ksnarayan43 · ‎03-14-2009

thank you James.

I will remove the NAT statement.

Do i need to define Public IP address?

example

global (outside) 1 10.1.1.254

thx

JamesLuther · ‎03-14-2009

Hi,

If you want your PAT IP to be different than the interface IP then you define it.

However as you only have one public IP then just use the interface option ie

global (outside) 1 interface

Regards

JamesLuther · ‎03-14-2009

BTW, please post to say if this solves your problem as I would be interested to know.

Thanks

ksnarayan43 · ‎03-14-2009

thanks James. I will test it and post if it solves the problem

thx