
ASA 5510 inside source NATing


Hi Everyone.

I have a project which requires a router from inside our ASA5510 firewall to initiate a VPN connection over the internet to a server. We have this at two DCs: one connects to a Cisco 1941 router and then to the internet; our other DC has an ASA5510 that borders the internet.

The Cisco 1941 connection works fine, but I am unsure of the commands needed to get inside source NATing working on the ASA5510 (software version 8.2 (5)) at our second DC. Can you please help?

Cisco 1941 config details working;

interface Vlan40
ip address ( = Public IP)
ip flow ingress
ip nat outside

interface GigabitEthernet0/0
ip address
ip nat inside

ip nat inside source static ( = Public IP)

( = router initiating the VPN connection) 

Cisco ASA5510 config details so far;

interface Ethernet0/3

nameif Internet

ip address

interface Ethernet0/2.8
vlan 8
nameif TNSoutside
ip address

static (TNSoutside,Internet) netmask

( = Public IP) ( = router initiating the VPN connection) 

I have been thinking I need something like this;

access-list TNSOutside_nat0_outbound extended permit ip

nat (TNSOutside) 1 access-list TNSOutside_nat0_outbound

2 Replies

Ganesh Hariharan
VIP Alumni

Hello ,

Adding to Masoud's comments, do have a look at the ASA NATing configuration example for more information and help.

Hope it Helps..



This command is correct for static NAT. Static NAT is bi-directional so it works both ways.

static (TNSoutside,Internet) netmask

The second command is used for policy NAT. It is usually used when you have two gateways and you want to share the load across two links. First, your config is not complete. Second, it may not work because it does not put an entry into the NAT table unless the session initiates from inside.

This is an example of policy NAT.

 access-list P1 permit ip host host
 access-list P2 permit ip host host
  nat (inside) 10 access-list P1
  global (outside) 10  (first gateway)
  nat (inside) 20 access-list P2
  global (outside) 20     (second gateway)

Hope it helps,
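
The static mapping discussed in this thread, written out for ASA 8.2 as an added example that is not part of either reply or the original post. All IP addresses and the ACL name Internet_in are constructed placeholders; the thread's real addresses were not published.

```cisco
! Constructed sample addresses (assumptions, not from the thread):
!   10.8.0.2       router behind TNSoutside that initiates the VPN (real address)
!   198.51.100.10  public address it should appear as (mapped address)
!   203.0.113.20   VPN server on the internet
!
! IOS on the 1941 lists the local address first, then the public one:
!   ip nat inside source static 10.8.0.2 198.51.100.10
!
! ASA 8.2 names the interfaces as (real,mapped) but takes the addresses in
! the opposite order: mapped (public) address first, real address second.
static (TNSoutside,Internet) 198.51.100.10 10.8.0.2 netmask 255.255.255.255
!
! Static NAT is bidirectional, so the mapped address is reachable from the
! internet as far as the ACL on the Internet interface allows. Limit inbound
! traffic to the VPN server only. On 8.2 (before 8.3) the ACL matches the
! mapped address, not the real one.
! Internet_in is a hypothetical name. If an ACL is already bound inbound on
! the Internet interface, add the permit line to that ACL instead, because
! an interface holds only one ACL per direction.
access-list Internet_in extended permit ip host 203.0.113.20 host 198.51.100.10
access-group Internet_in in interface Internet
!
! Verification from privileged EXEC mode. UDP 500 is used here only as a
! test flow for the trace.
show xlate
packet-tracer input TNSoutside udp 10.8.0.2 500 203.0.113.20 500
```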

