Community Member

Firewall NAT

I'm trying to do some natting. My intention is to NAT a public address space ( /25) subnet to a single address on my private network ( /32).

The intent is to get the servers in the private subnet (VLAN'd) to respond to ANY server in the public subnet on the natted 192 address.

I'm thinking I can do this with the following config:

static (outside,inside) <> <> netmask

But I'm not sure that it will NAT ANY address in the /25 subnet.

Any insight would be helpful...




Re: Firewall NAT

If I understand your requirements correctly, it is not possible. How would the NAT address know what IP to go to on the inside?

Community Member

Re: Firewall NAT

The source subnet (VLAN) is directly connected to the firewall, as is the destination subnet (VLAN). I'm thinking, for example:

server A; executes a packet destined for the network, it gets NAT'd to,

a route on the firewall to the 192 subnet (also connected VLAN) routes the traffic to the interface for the 192 address space..


Re: Firewall NAT

So are you looking to not NAT? If sends a message to, it does not need to NAT. There is no translation between the subnets. If you wanted to NAT, let's use the subnet of, the server would message, which in turn would be NAT'd to. Hope that makes sense.

Community Member

Re: Firewall NAT


the intent is to get the (and any other server in that /25 subnet) to the /24 to give the appearance that all traffic from the 10.1.17 is being sourced as

Does that make better sense... maybe I didn't explain it correctly.

Community Member

Re: Firewall NAT

Sorry, after rereading this, I needed to clarify.

"to give the appearance that all traffic from the /25 is being sourced as host address"

I'm not even sure that it can be done...

I want the hosts in the /24 to ALWAYS talk back to which NATs to ANY /25...

Does that make sense??

Cisco Employee

Re: Firewall NAT

I think this is your traffic flow

Outside ( -> Inside (

But Inside sees Outside network as Am I correct?

If yes, then you can do policy NAT

access-list NET10-1-1-0 extended permit ip host

static (outside,inside) access-list NET10-1-1-0

But the will not be a /24, it will match the source on the ACL to be a /25.



Community Member

Re: Firewall NAT

we got it...

we set the following

global 1 interface

nat 1 access-list

BAM worked like a champ...

thanks for all the responses
