Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Configuring NAT on asa 5505

Configuring NAT on asa 5505 9 years 6 months ago #20978

  • alpine
  • alpine's Avatar
  • Offline
  • New Member
  • Posts: 9
  • Karma: 0
I am having a difficult time understanding how to do this. Here is a idea of my network


Currently my netvanta IOS firewall does the natting I want to disable the netvanta ios firewall for the ASA5505. How do I setup natting on the asa to replace the netvanta IOS fw. I have created a global route, this points to the e0/0 port on the netvanta. Would i add a static or dynamic rule? on ADSM I am thinking of trying this

interface inside
ip address e0/0 in the asa 5505

Dynamic translation interface inside
add global pool--range

would this work?

The administrator has disabled public write access.

Re: Configuring NAT on asa 5505 9 years 6 months ago #20979

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
Hi there,

Static mappings are usually for allowing traffic in. You can define an external IP Address and Map it to an Internal IP Address for hosting services to the Internet. It does however work in the other way aswell, since the translation is in place it will work for both directions.

To do a NAT from inside to out you need to first define your global pool (or address/interface) and then assing a NAT.

This is done as follows;

global (outside) 1 interface
nat (inside) 1

The number 1 is used to "glue" if you like these two commands together. The Nat is saying MAP every possible internal address. The global is saying, translat these internal addresses to the addres on the outside interface (Will actually setup PAT but usually you only have a single IP Address). If you have a pool of addresses you can say,

global (outside) 1 netmask

This will basically configure 1 to 1 NAT translations for the first 50 devices 100-149 and then once the next ones come along, it will start to us PAT (NAT Overload some routers refer to it as).


Wayne Murphy Team Member

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit or PM me for details.
The administrator has disabled public write access.
Time to create page: 0.073 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup