I recently ran into the need to overload a public IP address, using port address translation (PAT) to allow multiple internal devices to share one public IP. Surprisingly, it was a lot harder finding the info needed to do this than I expected, largely because Cisco changed the syntax for this in ASA version 8.4, and as such many older posts are no longer valid.
The basic object NAT syntax in ASA 8.4 (the model introduced in 8.3) is as follows. The nat line lives inside the object network that defines the internal host, and the ports are listed real (internal) port first, then mapped (external) port:
nat (inside_interface,outside_interface) static public_IP service {tcp|udp} internal_port external_port
The following example shares a single public IP between two internal servers, with each external port forwarded to a different internal host (what Cisco calls static PAT):

| Description | Internal IP | Internal Port | External IP | External Port |
|---|---|---|---|---|
| Server01 | 10.20.20.1 | 80 | 1.1.1.1 | 81 |
| Server02 | 10.20.20.2 | 80 | 1.1.1.1 | 82 |

Note we're using two different internal IPs but only one external IP, with different external ports mapping to different internal addresses. One thing to keep in mind: from 8.3 onward, access lists are evaluated against the real (untranslated) addresses and ports, so the inbound ACL on the outside interface must permit traffic to 10.20.20.1 port 80, not to 1.1.1.1 port 81.
object network Server01
host 10.20.20.1
nat (inside,Outside) static 1.1.1.1 service tcp 80 81
object network Server02
host 10.20.20.2
nat (inside,Outside) static 1.1.1.1 service tcp 80 82
If you need to translate multiple ports for the same internal server, you will need a separate object for each port, because an object network can carry only one nat statement:

| Description | Internal IP | Internal Port | External IP | External Port |
|---|---|---|---|---|
| Server01_http | 10.20.20.1 | 80 | 1.1.1.1 | 81 |
| Server01_https | 10.20.20.1 | 443 | 1.1.1.1 | 8081 |
object network Server01_http
host 10.20.20.1
nat (inside,Outside) static 1.1.1.1 service tcp 80 81
object network Server01_https
host 10.20.20.1
nat (inside,Outside) static 1.1.1.1 service tcp 443 8081
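To tie both tables together, here is an added example (not from the original post) in Python that turns rows like the ones above into the object NAT blocks and the matching inbound ACL, and refuses to emit a configuration in which two rows claim the same external IP, protocol and port. The row names, the `outside_access_in` ACL name and the `inside`/`Outside` interface names are assumptions; the sample rows are constructed to mirror the two tables above.

```python
"""Generate ASA 8.3+/8.4 object NAT (static PAT) blocks from a mapping table
and check the constraints that bite in practice.

Added example, not code from the original post."""

from collections import namedtuple

# One row of the mapping tables. Field names are this example's own choice.
Mapping = namedtuple(
    "Mapping", "name real_ip proto real_port mapped_ip mapped_port"
)

# Constructed sample input mirroring the post's tables.
SAMPLE = [
    Mapping("Server01_http", "10.20.20.1", "tcp", 80, "1.1.1.1", 81),
    Mapping("Server01_https", "10.20.20.1", "tcp", 443, "1.1.1.1", 8081),
    Mapping("Server02", "10.20.20.2", "tcp", 80, "1.1.1.1", 82),
]


def find_collisions(mappings):
    """Return external sockets (mapped_ip, proto, mapped_port) claimed by
    more than one row. Two static translations cannot share one external
    socket, so catch this before pasting the config into the ASA."""
    seen = set()
    dups = set()
    for m in mappings:
        key = (m.mapped_ip, m.proto, m.mapped_port)
        if key in seen:
            dups.add(key)
        seen.add(key)
    return sorted(dups)


def render_nat(mappings, inside="inside", outside="Outside"):
    """Emit one object network per row: each object carries exactly one
    nat statement, which is why one server with two ports needs two objects."""
    lines = []
    for m in mappings:
        lines += [
            f"object network {m.name}",
            f" host {m.real_ip}",
            f" nat ({inside},{outside}) static {m.mapped_ip}"
            f" service {m.proto} {m.real_port} {m.mapped_port}",
        ]
    return "\n".join(lines)


def render_acl(mappings, acl_name="outside_access_in", outside="Outside"):
    """Inbound ACL for the outside interface. From 8.3 on, ACLs match the
    real (untranslated) address and port, so we permit the internal
    host:port, never the public IP and external port."""
    lines = [
        f"access-list {acl_name} extended permit {m.proto} any"
        f" host {m.real_ip} eq {m.real_port}"
        for m in mappings
    ]
    lines.append(f"access-group {acl_name} in interface {outside}")
    return "\n".join(lines)


def build_config(mappings):
    """Full snippet: NAT objects followed by the ACL, or an error on collisions."""
    dups = find_collisions(mappings)
    if dups:
        raise ValueError(f"external socket used by more than one row: {dups}")
    return render_nat(mappings) + "\n" + render_acl(mappings)


if __name__ == "__main__":
    print(build_config(SAMPLE))
```

Running it prints the three object network blocks followed by the ACL; note that the ACL lines reference 10.20.20.1 port 80 and 443 and 10.20.20.2 port 80, not 1.1.1.1 and the external ports. Adding a fourth row that reuses 1.1.1.1 tcp/81 makes `build_config` raise instead of producing a config the ASA would reject.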
Hope this helps!