- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-04-2015 09:51 PM - edited 03-11-2019 11:13 PM
Hi eveyone,
The discussion is about Static NAT. I have a scenario please clear me about the point of view.
Suppose i have taken a ISP connection for a site and hosting a web server inside the site. ISP has given one IP address that /30. we have requested for pool so, they had also provided a pool of ip address that is /29. Now i want to do static NAT for web server from /30 pool. Do i need to give secondary ip to router or firewall (which ever is connected to ISP). Please suggest me
Solved! Go to Solution.
- Labels:
-
NGFW Firewalls
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-05-2015 07:05 AM
Hi,
It will do that on the basis of the NAT statement alone.
Also , you would need to have an ACL in place to allow this subnet into the internal LAN.
Thanks and Regards,
Vibhor Amrodia

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-04-2015 11:16 PM
Hi,
If you have /30 Subnet , you cannot use any IP for a static One-One NAT configuration on the ASA device.
You can only configure a Static PAT on the ASA device for this IP.
Other than that , if you have a different pool , you just need to configure the static NAT on the ASA device and that should be enough for routing the traffic for it.
Thanks and Regards,
Vibhor Amrodia
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-05-2015 05:58 AM
Hi Vibhor,
Thanks for reply :-)
then how firewall will allow different subnet other than WAN subnet.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-05-2015 07:05 AM
Hi,
It will do that on the basis of the NAT statement alone.
Also , you would need to have an ACL in place to allow this subnet into the internal LAN.
Thanks and Regards,
Vibhor Amrodia
