NAT terminology – Cisco ASA 5505 User Manual
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 29 Information About NAT
One of the main functions of NAT is to enable private IP networks to connect to the Internet. NAT 
replaces a private IP address with a public IP address, translating the private addresses in the internal 
private network into legal, routable addresses that can be used on the public Internet. In this way, NAT 
conserves public addresses because it can be configured to advertise at a minimum only one public 
address for the entire network to the outside world.
Other functions of NAT include:
• Security—Keeping internal IP addresses hidden discourages direct attacks.
• IP routing solutions—Overlapping IP addresses are not a problem when you use NAT.
• Flexibility—You can change internal IP addressing schemes without affecting the public addresses available externally; for example, for a server accessible to the Internet, you can maintain a fixed IP address for Internet use, but internally, you can change the server address.
Note: NAT is not required. If you do not configure NAT for a given set of traffic, that traffic will not be translated, but will have all of the security policies applied as normal.
NAT Terminology
This document uses the following terminology:
• Real address/host/network/interface—The real address is the address that is defined on the host, before it is translated. In a typical NAT scenario where you want to translate the inside network when it accesses the outside, the inside network would be the “real” network. Note that you can translate any network connected to the ASA, not just an inside network. Therefore, if you configure NAT to translate outside addresses, “real” can refer to the outside network when it accesses the inside network.
• Mapped address/host/network/interface—The mapped address is the address that the real address is translated to. In a typical NAT scenario where you want to translate the inside network when it accesses the outside, the outside network would be the “mapped” network.
• Bidirectional initiation—Static NAT allows connections to be initiated bidirectionally, meaning both to the host and from the host.
• Source and destination NAT—For any given packet, both the source and destination IP addresses are compared to the NAT rules, and one or both can be translated/untranslated. For static NAT, the rule is bidirectional, so be aware that “source” and “destination” are used in commands and descriptions throughout this guide even though a given connection might originate at the “destination” address.
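A simplified model of the terms above, added here as an illustration and not taken from the Cisco guide or the ASA software: it shows a static rule translating the source of a packet sent by the real host, untranslating the destination of a packet sent to the mapped address, and doing both when each address matches a rule. `StaticNatRule` and `nat_packet` are hypothetical names, the addresses are constructed, first-match rule order is an assumption, and interfaces and access rules are not modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class StaticNatRule:
    real: ipaddress.IPv4Network    # addresses as defined on the hosts
    mapped: ipaddress.IPv4Network  # addresses the real ones are translated to

    def __post_init__(self):
        if self.real.num_addresses != self.mapped.num_addresses:
            raise ValueError("model assumes one-to-one real/mapped ranges")

    def translate(self, addr):
        """real -> mapped, or None if this rule does not cover addr."""
        if addr not in self.real:
            return None
        return self.mapped.network_address + (int(addr) - int(self.real.network_address))

    def untranslate(self, addr):
        """mapped -> real, or None if this rule does not cover addr."""
        if addr not in self.mapped:
            return None
        return self.real.network_address + (int(addr) - int(self.mapped.network_address))

def nat_packet(rules, src, dst):
    """Compare source and destination to the rules; first matching rule wins (assumption)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    new_src = next((m for r in rules if (m := r.translate(src)) is not None), src)
    new_dst = next((m for r in rules if (m := r.untranslate(dst)) is not None), dst)
    return str(new_src), str(new_dst)

# Constructed sample rules (RFC 1918 real side, RFC 5737 documentation mapped side).
RULES = [
    StaticNatRule(ipaddress.ip_network("10.1.2.27/32"), ipaddress.ip_network("203.0.113.10/32")),
    StaticNatRule(ipaddress.ip_network("10.1.2.28/32"), ipaddress.ip_network("203.0.113.11/32")),
]

if __name__ == "__main__":
    for src, dst in [("10.1.2.27", "198.51.100.7"),    # initiated from the real host
                     ("198.51.100.7", "203.0.113.10"),  # initiated to the mapped address
                     ("10.1.2.27", "203.0.113.11"),     # both addresses match a rule
                     ("10.9.9.9", "198.51.100.7")]:     # no rule: passes untranslated
        print((src, dst), "->", nat_packet(RULES, src, dst))
```

The second case is the one to review when auditing static rules: the mapped address accepts connections initiated from the other side, so reachability of the real host then depends on the access rules alone.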