cisco nat

romidiora used Ask the Experts™
Hello Experts,
I have a question specific to NAT on Cisco ASA firewalls. Specifically, is it possible to do an overload (PAT) from the outside going to the inside? I know that Cisco ASA can do inbound NAT as a static NAT, or a port redirection. However, I have never heard of doing an inbound overload (PAT), i.e. from outside get PAT'd to inside address. Any information is greatly appreciated.
No, you cannot do this on ASA.
NAT relies on the keywords inside and outside to determine which way to do NAT/PAT. So if you have a NAT already set up for outbound traffic I don't think you can do it. You would have to inverse what interfaces are defined as the inside and outside if you already have a NAT configured.
Yes, but it's not the same as when you do PAT from inside to outside because you need to apply an access-list to allow that subnet to access the inside:
nat (outside) 1
global (inside) 1 netmask
access-list ACCESS_OUT_IN permit ip host
access-group ACCESS_OUT_IN in interface outside

Hope you find this info helpful
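
For reference, a filled-in form of the outside-to-inside PAT described in the answer above, in both the pre-8.3 and the 8.3+ syntax. This is an added example, not configuration posted by anyone in the thread; the addresses, the object name OUTSIDE-CLIENTS, the TCP/443 rule and the identity static are assumptions made for illustration.

```cisco
! Constructed addresses: 203.0.113.0/24 = outside clients, 10.1.1.10 = inside server.
!
! --- ASA 8.2 and earlier (nat/global syntax, as used in this thread) ---
! The trailing "outside" keyword tells the ASA that the real interface is the
! lower-security one; this is what makes it outside (bidirectional) NAT.
nat (outside) 1 203.0.113.0 255.255.255.0 outside
! Overload (PAT) those sources onto the ASA's own inside interface address.
global (inside) 1 interface
! Assumption: the server is reached on its real address, so give it an
! identity static for the inbound direction.
static (inside,outside) 10.1.1.10 10.1.1.10 netmask 255.255.255.255
! Inbound traffic still needs an explicit permit on the outside interface.
access-list ACCESS_OUT_IN extended permit tcp 203.0.113.0 255.255.255.0 host 10.1.1.10 eq 443
access-group ACCESS_OUT_IN in interface outside
! Check that the PAT entries are being built.
show xlate
!
! --- ASA 8.3 and later (object NAT) ---
object network OUTSIDE-CLIENTS
 subnet 203.0.113.0 255.255.255.0
 nat (outside,inside) dynamic interface
access-list ACCESS_OUT_IN extended permit tcp 203.0.113.0 255.255.255.0 host 10.1.1.10 eq 443
access-group ACCESS_OUT_IN in interface outside
! Check the rule and its hit counts.
show nat
show xlate
```

With this in place the inside server sees every outside client as the ASA's inside interface address, so server logs alone no longer identify the real source. Keep the ASA's translation and connection logs if you need to attribute inbound sessions.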
So can it be done? Hearing some conflicts.
luc_roy, System Admin
Yes, you can do PAT from outside to inside.

Configure PAT on the outside interface

ASA(config)# global (outside) 1 interface
ASA(config)# nat (inside) 1


Great thanks gentlemen.
