PAT and Static nat combination in ASA firewall

Unanswered Question
Jun 3rd, 2009
User Badges:

Hi, I am using ASA 55200 firewall. My internal subnet is 10.4.0.0.


I want to confirm, if both PAT and Static nat is configured, Does Static nat work ?


What is the meaning of same IP in Static nat ?


Hope, PAT/Static NAT works only for traffic if initiated from inside n/w. Please clarify.

global (outside) 10 172.16.2.13 netmask 255.255.255.255

nat (inside) 10 0.0.0.0 0.0.0.0


static (inside,outside) 10.4.3.18 10.4.3.18 netmask 255.255.255.255

static (inside,outside) 10.4.3.194 10.4.3.194 netmask 255.255.255.255


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Thu, 06/04/2009 - 03:42
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Rupesh


In the ASA5520 firewall it does work if you configure both PAT and static NAT. The addresses that you specify with static NAT will be translated that way and other addresses will be translated using PAT.


PAT is effective to allow devices inside to initiate traffic outbound and to allow responses to come back but is not effective to allow devices outside to initiate traffic inbound. To allow outside devices to initiate traffic inbound you do static NAT.


In the static NAT is the same address is used in both parameters then it means that the device uses the same address on the inside and on the outside. (effectively the address is translated to itself)


HTH


Rick

Actions

This Discussion