Cisco Defense Orchestrator

Enable Users on the Inside Network to Access the Internet Using the Outside Interface's Public IP Address

Use Case

Allow users and computers in your private network to connect to the internet by sharing the public address of your outside interface.


Create a port address translation (PAT) rule that allows all the users on your private network to share the outside interface public IP address of your device.

After the private address is mapped to the public address and port number, the device records that mapping. When incoming traffic bound for that public IP address and port is received, the device sends it back to the private IP address that requested it. 

Create NAT Rule

  1. On the Devices & Services page, select the device you want to create the NAT rule for.
  2. Click NAT in the Management pane at the right.
  3. Click the blue cross button > Network Object NAT.
  4. In section 1, Type, select Dynamic. Click Continue.
  5. In section 2, Interfaces, choose any for the source interface and outside for the destination interface. Click Continue.
  6. In section 3, Packets, perform these actions:
    1. Expand the Original Address menu, click Choose, and select the any-ipv4 or any-ipv6 object, depending on your network configuration.
    2. Expand the Translated Address menu, and select interface from the available list. The interface option tells the device to use the public address of the outside interface.
  7. For Firepower Threat Defense (FTD), in section 5, Name, enter a name for the NAT rule.
  8. Click Save.
  9. Review and deploy the changes you made now, or wait and deploy multiple changes at once.

Entries in the ASA's Saved Configuration File 

Here are the entries that are created and appear in an ASA's saved configuration file as a result of this procedure.

Note: This does not apply to FTD devices.


object network any_network

NAT rule 

object network any_network
 nat (any,outside) dynamic interface
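
To confirm after deployment that the saved configuration contains the interface PAT rule shown above, and to see which source interfaces it covers, the following added example (not part of the original Cisco documentation) parses object NAT entries from ASA configuration text. The sample configuration is constructed, and the web_server object, its addresses, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample of an ASA saved configuration. The any_network lines are
# the ones shown on this page; the web_server object is made up for contrast.
SAMPLE_CONFIG = """\
object network any_network
object network web_server
 host 10.0.0.10
!
object network any_network
 nat (any,outside) dynamic interface
object network web_server
 nat (inside,outside) static 203.0.113.10
"""

OBJECT_RE = re.compile(r"^object network (\S+)\s*$")
NAT_RE = re.compile(r"^\s+nat \((\S+?),(\S+?)\) (static|dynamic) (\S+)")


def parse_object_nat(config_text):
    """Return {object_name: [rule, ...]} for every object NAT line."""
    # An object can appear in more than one 'object network' stanza (as it
    # does on this page), so rules are merged by object name.
    rules = {}
    current = None
    for line in config_text.splitlines():
        header = OBJECT_RE.match(line)
        if header:
            current = header.group(1)
            continue
        if not line.startswith(" "):
            current = None  # left the stanza ('!' or another top-level command)
            continue
        nat = NAT_RE.match(line)
        if nat and current:
            real_if, mapped_if, kind, mapped = nat.groups()
            rules.setdefault(current, []).append(
                {"real_if": real_if, "mapped_if": mapped_if,
                 "type": kind, "mapped": mapped})
    return rules


def interface_pat_rules(config_text):
    """List (object, real_if, mapped_if) for rules that PAT to the interface address."""
    return [(name, r["real_if"], r["mapped_if"])
            for name, rs in parse_object_nat(config_text).items()
            for r in rs
            if r["type"] == "dynamic" and r["mapped"] == "interface"]
```

A result with any as the source interface means traffic arriving on every interface is eligible for translation to the outside address, which matches the choice made in section 2 of the procedure.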