Cisco ASA 5505 User Manual
Page 620
31-14
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 31 Configuring Twice NAT
Configuring Twice NAT
(continued)
•
Destination addresses (Optional):
–
Mapped—Specify a network object or group, or for static
interface NAT with port translation only (routed mode),
specify the interface keyword (see
). If you
specify interface, be sure to also configure the service
keyword. For this option, you must configure a specific
interface for the real_ifc. See the
with Port Translation” section on page 29-5
information.
–
Real—Specify a network object or group (see
For identity NAT, simply use the same object or group for
both the real and mapped addresses.
•
Destination port—(Optional) Specify the service keyword
along with the real and mapped service objects (see
For identity port translation, simply use the same service
object for both the real and mapped ports.
•
DNS—(Optional; for a source-only rule) The dns keyword
translates DNS replies. Be sure DNS inspection is enabled (it
is enabled by default). You cannot configure the dns keyword
if you configure a destination address. See the
for more information.
•
Inactive—(Optional) To make this rule inactive without
having to remove the command, use the inactive keyword. To
reactivate it, reenter the whole command without the inactive
keyword.
•
Description—(Optional) Provide a description up to 200
characters using the description keyword.
Command
Purpose