Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Newbie - Help with Basic NAT on ASA 5505


I have an ASA5505 that I need to configure as follows,

inside networks

outside network

All I want to do is that the inside networks all get translated to and that I can manage the box using

Don't need anything else, DHCP. Just basically NAT for now.

I have the box sitting in front of me with basic config.

Can anyone help a brother out ?


Hall of Fame Super Blue

Re: Newbie - Help with Basic NAT on ASA 5505


nat (inside) 1

nat (inside) 1

global (outside) 1 interface

This is assuming the outside interface of your pix is using the address

To manage it from the outside you can use ssh or IPSEC. SSH is probably the way to go.



New Member

Re: Newbie - Help with Basic NAT on ASA 5505

Hi Jon, thanks for your reponse. How can I test this works before deploying it. I put a router on the inside and can ping the inside asa address. My laptop on the outside and can ping the outside asa address. They cannot see through the asa though ? --> asa inside ---> asa outside ---> laptop

Appreciate any suggestions !


Hall of Fame Super Blue

Re: Newbie - Help with Basic NAT on ASA 5505

You need an access-list ie.

access-list acl_outside permit icmp any any

access-group acl_outside in interface outside

Then ping from router to laptop.


New Member

Re: Newbie - Help with Basic NAT on ASA 5505

Jon, I cannot seem to get this thing working. I am _so_ not the firewall person, this is my first:-) all I need to do is get this thing performing the NAT and so I can telnet to the outside address to manage it after it's installed at site - then the firewall peeps will take care of the rest :-) what am I doing wrong here ? Thanks again.

ASA Version 7.2(2)


hostname ciscoasa

enable password 8il5M/7PS/HH/mgc encrypted



interface Vlan1

nameif inside

security-level 100

ip address


interface Vlan2

nameif outside

security-level 100

ip address


interface Ethernet0/0

switchport access vlan 2


interface Ethernet0/1


interface Ethernet0/2


interface Ethernet0/3


interface Ethernet0/4


interface Ethernet0/5


interface Ethernet0/6


interface Ethernet0/7


passwd xxxxxxxxxxxx encrypted

ftp mode passive

access-list acl_outside extended permit icmp any any

access-list acl_outside extended permit ip any any

pager lines 24

logging asdm informational

mtu outside 1500

mtu inside 1500

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1

nat (inside) 1

access-group acl_outside in interface outside

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0


class-map inspection_default

match default-inspection-traffic



policy-map type inspect dns preset_dns_map


message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp


service-policy global_policy global

prompt hostname context


: end

New Member

Re: Newbie - Help with Basic NAT on ASA 5505

Hey Jon, thanks for all you help, I do appreciate it. I managed to get one of the firewall guys on it :-)

CreatePlease login to create content