Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 30 Configuring Network Object NAT

Configuration Examples for Network Object NAT

Step 2

Define the FTP server address, and configure static NAT with identity port translation for the FTP server:

hostname(config-network-object)# host 10.1.2.27

hostname(config-network-object)# nat (inside,outside) static 209.165.201.3 service tcp ftp ftp

Step 3

Create a network object for the HTTP server address:

hostname(config)# object network HTTP_SERVER

Step 4

Define the HTTP server address, and configure static NAT with identity port translation for the HTTP server:

hostname(config-network-object)# host 10.1.2.28

hostname(config-network-object)# nat (inside,outside) static 209.165.201.3 service tcp http http

Step 5

Create a network object for the SMTP server address:

hostname(config)# object network SMTP_SERVER

Step 6

Define the SMTP server address, and configure static NAT with identity port translation for the SMTP server:

hostname(config-network-object)# host 10.1.2.29

hostname(config-network-object)# nat (inside,outside) static 209.165.201.3 service tcp smtp smtp

DNS Server on Mapped Interface, Web Server on Real Interface (Static NAT with DNS Modification)

For example, a DNS server is accessible from the outside interface. A server, ftp.cisco.com, is on the
inside interface. You configure the ASA to statically translate the ftp.cisco.com real address (10.1.3.14)
to a mapped address (209.165.201.10) that is visible on the outside network. (See Figure 30-5.) In this
case, you want to enable DNS reply modification on this static rule so that inside users who have access
to ftp.cisco.com using the real address receive the real address from the DNS server, and not the mapped
address.