Enable Users on the Inside Network to Access the Internet Using the Outside Interface's Public IP Address

Use Case

Allow users and computers in your private network to connect to the internet by sharing the public address of your outside interface.

Strategy

Create a port address translation (PAT) rule that allows all the users on your private network to share the outside interface public IP address of your device.

After the private address is mapped to the public address and port number, the device records that mapping. When incoming traffic bound for that public IP address and port is received, the device sends it back to the private IP address that requested it.

Procedure


Step 1

In the left pane, click Security Devices.

Step 2

Click the Devices tab to locate the device or the Templates tab to locate the model device.

Step 3

Click the appropriate device type tab.

Step 4

Select the device you want to create the NAT rule for.

Step 5

Click NAT in the Management pane at the right.

Step 6

Click Network Object NAT.

Step 7

In section 1, Type, select Dynamic. Click Continue.

Step 8

In section 2, Interfaces, choose any for the source interface and outside for the destination interface. Click Continue.

Step 9

In section 3, Packets, perform these actions :

  1. Expand the Original Address menu, click Choose and select the any-ipv4 or any-ipv6 object depending on your network configuration.

  2. Expand the Translated Address menu, and select interface from the available list. Interface indicates to use the public address of the outside interface.

Step 10

For an FDM-managed device, in section 5, Name, enter a name for the NAT rule.

Step 11

Click Save.

Step 12

Review and deploy now the changes you made, or wait and deploy multiple changes at once.


Entries in the ASA's Saved Configuration File

Here are the entries that are created and appear in an ASA's saved configuration file as a result of this procedure.

Note

This does not apply to FDM-managed devices.

Objects created by this procedure:

object network any_network
subnet 0.0.0.0 0.0.0.0

NAT rules created by this procedure:

object network any_network
nat (any,outside) dynamic interface