PAT and Static nat combination in ASA firewall

Rupesh Kashyap · ‎06-03-2009

Hi, I am using ASA 55200 firewall. My internal subnet is 10.4.0.0.

I want to confirm, if both PAT and Static nat is configured, Does Static nat work ?

What is the meaning of same IP in Static nat ?

Hope, PAT/Static NAT works only for traffic if initiated from inside n/w. Please clarify.

global (outside) 10 172.16.2.13 netmask 255.255.255.255

nat (inside) 10 0.0.0.0 0.0.0.0

static (inside,outside) 10.4.3.18 10.4.3.18 netmask 255.255.255.255

static (inside,outside) 10.4.3.194 10.4.3.194 netmask 255.255.255.255

Rupesh Kashyap · ‎06-03-2009

sir, pls help.

Richard Burts · ‎06-04-2009

Rupesh

In the ASA5520 firewall it does work if you configure both PAT and static NAT. The addresses that you specify with static NAT will be translated that way and other addresses will be translated using PAT.

PAT is effective to allow devices inside to initiate traffic outbound and to allow responses to come back but is not effective to allow devices outside to initiate traffic inbound. To allow outside devices to initiate traffic inbound you do static NAT.

In the static NAT is the same address is used in both parameters then it means that the device uses the same address on the inside and on the outside. (effectively the address is translated to itself)

HTH

Rick

HTH

Rick