Configuring identity nat – Cisco ASA 5505 User Manual

Page 594

Advertising
background image

30-12

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 30 Configuring Network Object NAT

Configuring Network Object NAT

Examples

The following example configures static NAT for the real host 10.1.1.1 on the inside to 10.2.2.2 on the
outside with DNS rewrite enabled.

hostname(config)# object network my-host-obj1

hostname(config-network-object)# host 10.1.1.1

hostname(config-network-object)# nat (inside,outside) static 10.2.2.2 dns

The following example configures static NAT for the real host 10.1.1.1 on the inside to 2.2.2.2 on the
outside using a mapped object.

hostname(config)# object network my-mapped-obj

hostname(config-network-object)# host 10.2.2.2

hostname(config-network-object)# object network my-host-obj1

hostname(config-network-object)# host 10.1.1.1

hostname(config-network-object)# nat (inside,outside) static my-mapped-obj

The following example configures static NAT-with-port-translation for 10.1.1.1 at TCP port 21 to the
outside interface at port 2121.

hostname(config)# object network my-ftp-server

hostname(config-network-object)# host 10.1.1.1

hostname(config-network-object)# nat (inside,outside) static interface service tcp 21 2121

Configuring Identity NAT

This section describes how to configure an identity NAT rule using network object NAT. For more
information, see the

“Identity NAT” section on page 29-11

.

Detailed Steps

Command

Purpose

Step 1

(Optional)

object network

obj_name

{host ip_address |

subnet

subnet_address netmask |

range

ip_address_1 ip_address_2}

Example:

hostname(config)# object network

MAPPED_IPS

hostname(config-network-object)# subnet

10.1.1.0 255.255.255.0

For the mapped addresses (which will be the same as the real
addresses), configure a network object. Alternatively, you can
skip this step if you want to enter the IP addresses as an inline
value for the nat command.

For more information about configuring a network object, see the

“Configuring Objects” section on page 13-3

.

Step 2

object network

obj_name

Example:

hostname(config)# object network

my-host-obj1

Configures a network object for which you want to perform
identity NAT, or enters object network configuration mode for an
existing network object.

Advertising