Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 8.2 ,NAT

Hi All.Need assisstance on this issue.I am working on ASA 8.2. We have a public block for customer pointed to ASA .

Now customer wants access from to . He is coming from private ip address trying to access public ip address its not working. Subnet is NATed and on ASA its learned via default i.e OUTSIDE .Customer cannot access the public ip address ,as he is coming from then NATed to .So its like,he is coming on Outside interface and going to Outside interface. This setup is not working.


Below is the rough setup:

C is directly connected, inside
C is directly connected, dmz


static (inside,outside) netmask 
static (dmz,outside) netmask 


nat (inside) 0 access-list nat_exempt
nat (inside) 1
nat (dmz) 1
nat (VPN-zone) 1
global (outside) 1 interface


access-list nat_exempt extended permit ip any host log 



New Member

Hi!In ASDM you can use Packet


In ASDM you can use Packet Tracer to check where the packet gets stuck. 

I always use that feature to check any problems when I am not sure what to do. 


New Member

Thankyou Lajja

Thankyou Lajja

Hi,If you access from Inside


If you access from Inside to DMZ..... He can be able to do that using its private ip address....

say he can access from to

for this we need to have a no-nat rule between these private ip's

access-list no-nat permit ip host host

nat (inside) 0 access-list no-nat


Also you need to allow it in the access-list which you put for outbound traffic... i.e. on the inside interface binded acl...


Other option is to do DNS doctoring.....






New Member

Thankyou nkarthikeyan 

Thankyou nkarthikeyan