Information about network object nat, Information about twice nat – Cisco ASA 5505 User Manual

Page 571

Advertising
background image

29-17

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 29 Information About NAT

How NAT is Implemented

Information About Network Object NAT

All NAT rules that are configured as a parameter of a network object are considered to be network object
NAT rules. Network object NAT is a quick and easy way to configure NAT for a network object, which
can be a single IP address, a range of addresses, or a subnet.

After you configure the network object, you can then identify the mapped address for that object, either
as an inline address or as another network object or network object group.

When a packet enters the ASA, both the source and destination IP addresses are checked against the
network object NAT rules. The source and destination address in the packet can be translated by separate
rules if separate matches are made. These rules are not tied to each other; different combinations of rules
can be used depending on the traffic.

Because the rules are never paired, you cannot specify that sourceA/destinationA should have a different
translation than sourceA/destinationB. Use twice NAT for that kind of functionality (twice NAT lets you
identify the source and destination address in a single rule).

To start configuring network object NAT, see

Chapter 30, “Configuring Network Object NAT.”

Information About Twice NAT

Twice NAT lets you identify both the source and destination address in a single rule. Specifying both the
source and destination addresses lets you specify that sourceA/destinationA can have a different
translation than sourceA/destinationB.

The destination address is optional. If you specify the destination address, you can either map it to itself
(identity NAT), or you can map it to a different address. The destination mapping is always a static
mapping.

Twice NAT also lets you use service objects for static NAT with port translation; network object NAT
only accepts inline definition.

To start configuring twice NAT, see

Chapter 31, “Configuring Twice NAT.”

Figure 29-16

shows a host on the 10.1.2.0/24 network accessing two different servers. When the host

accesses the server at 209.165.201.11, the real address is translated to 209.165.202.129. When the host
accesses the server at 209.165.200.225, the real address is translated to 209.165.202.130. (See the

“Single Address for FTP, HTTP, and SMTP (Static NAT-with-Port-Translation)” section on page 30-18

for details on how to configure this example.)

Advertising
This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands
Popular manuals