ASA with 3 interfaces inside to outside access

Unanswered Question
Sep 20th, 2010

We have what I would call a standard ASA config with 3 interfaces. Inside, DMZ (for web servers) and outside for internet.

We need to allow an inside server to have direct access to an outside resource on the internet.

I want to know if this is as simple as setting up a static NAT from inside to outside and a ACL to allow outbound traffic only.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Nagaraja Thanthry Mon, 09/20/2010 - 10:23


You are correct. All you need is NAT and access-list configuration on the firewall to allow inside to talk to internet. You can use either the static NAT or dynamic NAT to enable communication between the inside and the internet.

Static NAT:

static (inside,outside) netmask

Dynamic NAT:

global (outside) 1 interface

nat (inside) 1

Hope this helps.




This Discussion