Showing results for 
Search instead for 
Did you mean: 

NAT (outside,inside) question

Vlad Olteanu
Level 1
Level 1

Hi All,

I have to NAT my internet router ( to an internal IP ( on my Cisco ASA 5510 (8.4(7)), I have to monitor the router with an internal application.


I made the following configuration, but it doesn't work...


object network Internet_router


object network Internet_router

  nat (outside,inside) static


access-list from_outside extended permit ip host any
access-list from_inside extended permit ip any host


same-security-traffic permit intra-interface


Router------------------------[ASA]--------------------------Server (monitor)                                               


What did I wrong?


Thank you





1 Reply 1

Collin Clark
VIP Alumni
VIP Alumni

Create the object for your inside host

object network

Then NAT your external IP to it

nat (inside,outside) static interface

Your ACL should permit access to the real IP not the mapped IP.

access-list from_outside extended permit ip any host 

Note that if you NAT your routers public IP to an internal IP you will lose all connectivity to the routers outside IP. It would be better to NAT just the ports you need.

object network
 nat (inside,outside) static interface service udp 161 161

Review Cisco Networking for a $25 gift card