static NAT

Posted on 2013-01-01
Last Modified: 2013-01-02
Hi Experts,

On ASA 8.2 code, can someone tell me what this is doing?

access-list nat1 extended permit ip host
static (outside, inside) access-list nat1

Question by:trojan81
LVL 35

Expert Comment

by:Ernie Beek
ID: 38735815
This is called policy nat.
As per Cisco: When you configure "policy NAT," you identify the real addresses and destination/source addresses using an extended access list.
LVL 16

Accepted Solution

max_the_king earned 500 total points
ID: 38735825
that is a  policy static NAT: you can read the following link for full explanation:

basically, you're telling ASA to use tha IP address whenever an IP in the LAN wants to get an IP connection to host

hope this helps

Expert Comment

ID: 38735923

Author Comment

ID: 38736675
Thanks guys, especially Max.  You've confirmed what I thought.

This is basically a destination NAT. When on the inside talks to on the outside, destination NAT it so that after the NAT is done it will look like this: sending traffic to destination

Does that sound correct?
LVL 16

Expert Comment

ID: 38736798
Yes trojan81, where i may assume comes from another interface, such as a dmz or something routed from above.


Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Lync - CUCM Integration Question 2 37
Vlan extend across 2 switches 16 27
Hit router interface limit 7 42
Cisco Router Security Commands. 2 31
There are many useful and sometimes not well documented or forgotten IOS or ASA/PIX commands. See IPE article here , there was also one on PacketU and on Cisco Tips & Tricks. Below are my favorites. I give also a few most often used for Cisco IPS an…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question