Is possible use PAT and static NAT at same time?

Julio E. Moisa · ‎11-05-2012

I would like to know if the Cisco ASA allows work with a PAT and static NAT configuration at the same time.

Currently i have a Pat working successfully but i would like to map an inside IP address to a Public ip address

Could you please help me? thanks

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Jennifer Halim · ‎11-05-2012

You can static NAT it to a different unique address than what you have configured for your PAT. They can't share the same IP Address.

If you are using the ASA outside interface, then you would need to configure static PAT using the ASA outside interface.

Julio E. Moisa · ‎11-05-2012

So, can I use the same outside and inside interface for PAT and static NAT?

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Julio E. Moisa · ‎11-05-2012

For example: Can i have the following configuration?

interface Ethernet0/0

description [outside]

duplex full

nameif outside

security-level 0

ip address x.x.x.1 255.255.255.248

interface Ethernet0/1

description [inside]

duplex full

nameif inside

security-level 0

ip address y.y.y.1 255.255.255.252

******************************** PAT *************************************

global (outside) 1 interface

nat (inside) 1 10.0.0.0 255.255.255.0

******************************** Stactic NAT ***************************

nat (inside,outside) x.x.x.2 10.0.0.100 netmask 255.255.255.255

Thank you

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Jennifer Halim · ‎11-05-2012

Yes, definitely can do that.

And the static NAT will take precedence for 10.0.0.100, and it will be NATed to x.x.x.2 on both direction.

Just have to make sure that you "clear xlate" after the changes.