static NAT

Posted on 2013-01-01
Last Modified: 2013-01-02
Hi Experts,

On ASA 8.2 code, can someone tell me what this is doing?

access-list nat1 extended permit ip host
static (outside, inside) access-list nat1

Question by:trojan81
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 35

Expert Comment

by:Ernie Beek
ID: 38735815
This is called policy nat.
As per Cisco: When you configure "policy NAT," you identify the real addresses and destination/source addresses using an extended access list.
LVL 16

Accepted Solution

max_the_king earned 500 total points
ID: 38735825
that is a  policy static NAT: you can read the following link for full explanation:

basically, you're telling ASA to use tha IP address whenever an IP in the LAN wants to get an IP connection to host

hope this helps

Expert Comment

ID: 38735923

Author Comment

ID: 38736675
Thanks guys, especially Max.  You've confirmed what I thought.

This is basically a destination NAT. When on the inside talks to on the outside, destination NAT it so that after the NAT is done it will look like this: sending traffic to destination

Does that sound correct?
LVL 16

Expert Comment

ID: 38736798
Yes trojan81, where i may assume comes from another interface, such as a dmz or something routed from above.


Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question