Source IP address should be NAT'ed Address

Our Exchange folks are moving to 2007. They are trying to put up new edge servers and have asked for outside addresses for the edge servers. Problem is that they want the source IP to be the same address as the NAT. Below is an example of the NAT. What commands do I need to add for this to happen? Today when these edge servers go outside they look to be coming from the outside interface of the ASA.

static (inside,outside) netmask

I want them to look like they are coming from




Re: Source IP address should be NAT'ed Address

Not too hard.

Add an additional static nat entry and reverse it.

static (outside,inside) netmask

Re: Source IP address should be NAT'ed Address

Thanks for the information. Is this configuration mandatory? In other words, if I do not add this NAT, will I look like the outside address of the FW?

Also do you know of any good resources to test this? I am looking for something that is not using port 80.

Re: Source IP address should be NAT'ed Address

Yes, the command "global (outside) interface" uses the outside address of the firewall as the port translation address so all inbound users that go out to the internet will appear as the outside address of the firewall.

Doing this both with the inside,outside and outside,inside static mapping will make traffic inbound hit that internal server and also appear to the internet as the same IP address it came in on.

If you want to test it, go ahead, but it is not really necessary in my opinion. I have done this many times with no problems.
