Cisco ASA 5505 User Manual

Page 621

Advertising
background image

31-15

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 31 Configuring Twice NAT

Configuring Twice NAT

Configuring Static NAT or Static NAT-with-Port-Translation

This section describes how to configure a static NAT rule using twice NAT. For more information about
static NAT, see the

“Static NAT” section on page 29-3

.

Detailed Steps

Command

Purpose

Step 1

Network object:

object network

obj_name

{host ip_address | subnet

subnet_address netmask | range

ip_address_1 ip_address_2}

Network object group:

object-group network

grp_name

{network-object {object net_obj_name |

subnet_address netmask |

host

ip_address} |

group-object

grp_obj_name}

Example:

hostname(config)# object network MyInsNet

hostname(config-network-object)# subnet

10.1.1.0 255.255.255.0

Configure the real source addresses.

You can configure either a network object or a network object
group. For more information, see the

“Configuring Objects”

section on page 13-3

.

Step 2

Network object:

object network

obj_name

{host ip_address | subnet

subnet_address netmask | range

ip_address_1 ip_address_2}

Network object group:

object-group network

grp_name

{network-object {object net_obj_name |

subnet_address netmask |

host

ip_address} |

group-object

grp_obj_name}

Example:

hostname(config)# object network

MyInsNet_mapped

hostname(config-network-object)# subnet

192.168.1.0 255.255.255.0

Configure the mapped source addresses.

You can configure either a network object or a network object
group. For static NAT, the mapping is typically one-to-one, so the
real addresses have the same quantity as the mapped addresses.
You can, however, have different quantities if desired. For more
information, see the

“Static NAT” section on page 29-3

.

For static interface NAT with port translation (routed mode only),
you can skip this step and specify the interface keyword instead
of a network object/group for the mapped address. For more
information, see the

“Static Interface NAT with Port Translation”

section on page 29-5

.

See the

“Guidelines and Limitations” section on page 31-2

for

information about disallowed mapped IP addresses.

Advertising
This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands
Popular manuals