static NAT

Posted on 2013-01-01
Last Modified: 2013-01-02
Hi Experts,

On ASA 8.2 code, can someone tell me what this is doing?

access-list nat1 extended permit ip host
static (outside, inside) access-list nat1

Question by:trojan81
LVL 35

Expert Comment

by:Ernie Beek
ID: 38735815
This is called policy nat.
As per Cisco: When you configure "policy NAT," you identify the real addresses and destination/source addresses using an extended access list.
LVL 15

Accepted Solution

max_the_king earned 500 total points
ID: 38735825
that is a  policy static NAT: you can read the following link for full explanation:

basically, you're telling ASA to use tha IP address whenever an IP in the LAN wants to get an IP connection to host

hope this helps

Expert Comment

ID: 38735923

Author Comment

ID: 38736675
Thanks guys, especially Max.  You've confirmed what I thought.

This is basically a destination NAT. When on the inside talks to on the outside, destination NAT it so that after the NAT is done it will look like this: sending traffic to destination

Does that sound correct?
LVL 15

Expert Comment

ID: 38736798
Yes trojan81, where i may assume comes from another interface, such as a dmz or something routed from above.


Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco 2960 PACL 9 93
Using Cisco Meraki for home use after the license expired ? 7 81
Cisco Firewall setup within a managed office 8 69
Using VLAN Interface in ASA 5 21
If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
Delivering innovative fully-managed cloud services for mission-critical applications requires expertise in multiple areas plus vision and commitment. Meet a few of the people behind the quality services of Concerto.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now