DYNAMIC PAT CONFIGURATION ON CISCO ASA

One of key features associated with Cisco ASA firewall is to NAT. Over the time ASA has come up with new versions and NAT has been fine-tuned with new sorts and commands.

Below is the configuration example where Dynamic PAT (NAT Overload) has been configured on the Firewall when LAN users are translated to Public IP (Interface IP or IP from Public Pool).

This type of Dynamic NAT/PAT configuration is used to provide internet access to LAN Users  by translating LAN Subnet with Outside Interface of Firewall or any Public IP address. This type of NAT only allows flows to be initiated from inside LAN towards Outside. Any traffic generated from Outside Zone will not be translated in this dynamic PAT setup.

Related- Dynamic vs Static NAT

Note – For test scenario we are considering subnet 192.168.2.0/24 as Private IP Pool while 192.168.1.0/24 as Public IP Pool.

DYNAMIC PAT FOR ASA VERSION 8.3 AND EARLIER –

NAT Translation for Source 192.168.2.0/24 with WAN Interface –

NAT Translation for Source 192.168.2.0/24 with Public IP –

DYNAMIC PAT FOR ASA VERSION 8.4 ONWARDS –

NAT Translation for Source 192.168.2.0/24 with WAN Interface –

NAT Translation for Source 192.168.2.0/24 with Public IP –

VERIFICATION –

Following command on ASA Firewall provides output on NAT translations on source and NAtted IPs and port details –

ABOUT THE AUTHOR

Rashmi Bhardwaj

I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”

I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.

I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)