Cisco ASA 5505 User Manual
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 31 Configuring Twice NAT
Configuration Examples for Twice NAT
hostname(config-network-object)# host 209.165.202.130
Step 7
Configure the second twice NAT rule:
hostname(config)# nat (inside,dmz) source dynamic myInsideNetwork PATaddress2 destination static DMZnetwork2 DMZnetwork2
Different Translation Depending on the Destination Address and Port (Dynamic PAT)
Figure 31-2 shows the use of source and destination ports. The host on the 10.1.2.0/24 network accesses
a single host for both web services and Telnet services. When the host accesses the server for Telnet
services, the real address is translated to 209.165.202.129:port. When the host accesses the same server
for web services, the real address is translated to 209.165.202.130:port.
Figure 31-2 Twice NAT with Different Destination Ports
Step 1
Add a network object for the inside network:
hostname(config)# object network myInsideNetwork
hostname(config-network-object)# subnet 10.1.2.0 255.255.255.0
Step 2
Add a network object for the Telnet/Web server:
hostname(config)# object network TelnetWebServer
hostname(config-network-object)# host 209.165.201.11
Step 3
Add a network object for the PAT address when using Telnet:
hostname(config)# object network PATaddress1
[Figure 31-2 labels: host 10.1.2.27 on the Inside network 10.1.2.0/24; Web and Telnet server 209.165.201.11 on the Internet; Web Packet, Dest. Address 209.165.201.11:80; Telnet Packet, Dest. Address 209.165.201.11:23; Translation addresses 209.165.202.129 and 209.165.202.130.]
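The port-dependent translation described above, modeled as an added Python example (not from the Cisco guide): rules are checked in order, and the first match on source network, destination host and destination port selects the PAT address. The rule names and the `shadowed` ordering check are assumptions for illustration, and the dynamically allocated PAT port is not modeled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class TwiceNatRule:
    name: str                          # hypothetical label, not an ASA object name
    real_src: ipaddress.IPv4Network    # real source network (myInsideNetwork)
    dst: ipaddress.IPv4Address         # destination host the rule matches on
    dst_port: Optional[int]            # destination TCP port; None matches any port
    pat_addr: ipaddress.IPv4Address    # mapped (PAT) source address

    def matches(self, src: str, dst: str, dport: int) -> bool:
        return (ipaddress.ip_address(src) in self.real_src
                and ipaddress.ip_address(dst) == self.dst
                and self.dst_port in (None, dport))

INSIDE = ipaddress.ip_network("10.1.2.0/24")
SERVER = ipaddress.ip_address("209.165.201.11")

# Addresses and ports are the ones given in the text above.
RULES = [
    TwiceNatRule("telnet", INSIDE, SERVER, 23, ipaddress.ip_address("209.165.202.129")),
    TwiceNatRule("web", INSIDE, SERVER, 80, ipaddress.ip_address("209.165.202.130")),
]

def translate(rules, src, dst, dport):
    """Return (rule name, PAT address) for the first matching rule, or None."""
    for rule in rules:
        if rule.matches(src, dst, dport):
            return rule.name, str(rule.pat_addr)
    return None  # these rules do not translate the flow

def shadowed(rules):
    """Names of rules that can never match because an earlier rule covers them."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (later.real_src.subnet_of(earlier.real_src)
                    and later.dst == earlier.dst
                    and earlier.dst_port in (None, later.dst_port)):
                hidden.append(later.name)
                break
    return hidden

if __name__ == "__main__":
    for port in (23, 80, 443):  # constructed sample flows from host 10.1.2.27
        print(port, translate(RULES, "10.1.2.27", "209.165.201.11", port))
    print("shadowed:", shadowed(RULES))
```

Running `shadowed` over a rule list before deploying it catches the ordering mistake where a rule without a port, placed first, silently takes over both the Telnet and web translations.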