Skip to main content



Cisco Defense Orchestrator

Enable Users on the Inside Network to Access the Internet Using the Outside Interface's Public IP Address

Use Case

Allow users and computers in your private network to connect to the internet by sharing the public address of your outside interface.


Create a port address translation (PAT) rule that allows all the users on your private network to share the outside interface public IP address of your ASA.

After the private address is mapped to the public address and port number, the ASA records that mapping. When incoming traffic bound for that public IP address and port is received, the ASA sends it back to the private IP address that requested it.  


Before you begin, create a network object called any_network and assign it a single value equal to See Create Network Objects for instructions.

Create NAT Rule

  1. On the Devices & Services page, select the ASA you want to create the NAT rule for.
  2. Click View NAT Rules in the Policy section of the Actions pane.
  3. Click Create NAT Rule > Network Object NAT. 
  4. In section 1, Type, select Dynamic. Click Continue.
  5. In section 2, Interfaces, choose any for the source interface and outside for the destination interface. Click Continue.
  6. In section 3, Packets, perform these actions :
    1. Expand the Original Address menu, click Choose and select the any_network object you created earlier.
    2. Expand the Translated Address menu, and select interface from the available list. Interface indicates to use the public address of the outside interface. 
  7. Click Save.
  8. Return to the Devices & Services page, select the ASA on which you made this change, and Write changes... to the ASA. 

Entries in the ASA's Saved Configuration File 

Here are the entries that are created and appear in the ASA's saved configuration file as a result of this procedure:


object network any_network

NAT rule 

object network any_network
 nat (any,outside) dynamic interface