Configuring Dynamic NAT – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 31 Configuring Twice NAT

Configuring Twice NAT

Configuring Dynamic NAT

This section describes how to configure twice NAT for dynamic NAT. For more information, see the “Dynamic NAT” section on page 29-8.

Detailed Steps

Step 1

Command:

Network object:

object network obj_name
{host ip_address | subnet subnet_address netmask | range ip_address_1 ip_address_2}

Network object group:

object-group network grp_name
{network-object {object net_obj_name | subnet_address netmask | host ip_address} | group-object grp_obj_name}

Example:

hostname(config)# object network MyInsNet
hostname(config-network-object)# subnet 10.1.1.0 255.255.255.0

Purpose:

Configure the real source addresses.

You can configure either a network object or a network object group. For more information, see the “Configuring Objects” section on page 13-3.

If you want to translate all traffic, you can skip this step and specify the any keyword instead of creating an object or group.

Step 2

Command:

Network object:

object network obj_name
range ip_address_1 ip_address_2

Network object group:

object-group network grp_name
{network-object {object net_obj_name | host ip_address} | group-object grp_obj_name}

Example:

hostname(config)# object network NAT_POOL
hostname(config-network-object)# range 209.165.201.10 209.165.201.20

Purpose:

Configure the mapped source addresses.

You can configure either a network object or a network object group.

For dynamic NAT, you typically configure a larger group of addresses to be mapped to a smaller group. If a mapped network object contains both ranges and host IP addresses, then the ranges are used for dynamic NAT, and then the host IP addresses are used as a PAT fallback.

Note: The mapped object or group cannot contain a subnet. See the “Guidelines and Limitations” section on page 31-2 for information about disallowed mapped IP addresses.
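The following Python check is an added example, not part of the Cisco guide. It parses object definitions written in the syntax of Steps 1 and 2 and audits a candidate mapped source against the rules above: ranges form the dynamic NAT pool, host addresses become the PAT fallback, and subnets are rejected. The objects PAT_IP, MAPPED_GRP and BAD_GRP, the sample addresses added for them, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample configuration: the page's two example objects plus
# hypothetical PAT_IP, MAPPED_GRP and BAD_GRP entries for illustration.
SAMPLE = """\
object network MyInsNet
 subnet 10.1.1.0 255.255.255.0
object network NAT_POOL
 range 209.165.201.10 209.165.201.20
object network PAT_IP
 host 209.165.201.21
object-group network MAPPED_GRP
 network-object object NAT_POOL
 network-object object PAT_IP
object-group network BAD_GRP
 network-object 209.165.201.32 255.255.255.224
"""

def parse_objects(cfg):
    """Return {name: [token list per member line]} for network objects and groups."""
    objs, current = {}, None
    for line in cfg.splitlines():
        tok = line.split()
        if tok and not line[0].isspace():  # a top-level line starts a new stanza
            is_obj = len(tok) == 3 and tok[0] in ("object", "object-group") and tok[1] == "network"
            current = objs.setdefault(tok[2], []) if is_obj else None
        elif tok and current is not None:  # indented member line of the current stanza
            current.append(tok[1:] if tok[0] == "network-object" else tok)
    return objs

def audit_mapped(name, objs, seen=()):
    """Classify a mapped object/group: range pool size, PAT hosts, subnet errors."""
    result = {"pool": 0, "pat": [], "errors": []}
    if name in seen or name not in objs:
        result["errors"].append(f"{name}: undefined or circular reference")
        return result
    for tok in objs[name]:
        if tok[0] == "range":  # ranges are consumed first, for dynamic NAT
            lo, hi = (int(ipaddress.IPv4Address(a)) for a in tok[1:3])
            result["pool"] += hi - lo + 1
        elif tok[0] == "host":  # hosts are used afterwards, as PAT fallback
            result["pat"].append(tok[1])
        elif tok[0] in ("object", "group-object"):  # follow nested references
            sub = audit_mapped(tok[1], objs, seen + (name,))
            for key in result:
                result[key] += sub[key]
        elif tok[0] == "subnet" or tok[0][0].isdigit():  # subnet in object or group form
            result["errors"].append(f"{name}: subnet {' '.join(tok[-2:])} not allowed in mapped source")
    return result
```

Running `audit_mapped("MAPPED_GRP", parse_objects(SAMPLE))` reports an 11-address dynamic pool with one PAT fallback host, while `BAD_GRP` and `MyInsNet` are flagged because they contain subnets.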
