Cisco ASA 5505 User Manual
Page 592
30-10
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 30 Configuring Network Object NAT
Configuring Network Object NAT
Configuring Static NAT or Static NAT-with-Port-Translation
This section describes how to configure a static NAT rule using network object NAT. For more
information, see the
“Static NAT” section on page 29-3
.
Detailed Steps
Command
Purpose
Step 1
(Optional)
Network object:
object network
obj_name
{host ip_address |
subnet
subnet_address netmask |
range
ip_address_1 ip_address_2}
Network object group:
object-group network
grp_name
{network-object {object net_obj_name |
subnet_address netmask |
host
ip_address} |
group-object
grp_obj_name}
Example:
hostname(config)# object network
MAPPED_IPS
hostname(config-network-object)# subnet
10.1.1.0 255.255.255.0
To specify the mapped addresses (that you want to translate to),
configure a network object or network object group. A network
object group can contain objects and/or inline addresses.
Alternatively, you can skip this step if you want to enter the
IP addresses as an inline value for the nat command or if you want
to use the interface address (for static NAT-with-port-translation)
by specifying the interface keyword.
See the
“Guidelines and Limitations” section on page 30-2
for
information about disallowed mapped IP addresses.
For more information about configuring a network object or
group, see the
“Configuring Objects” section on page 13-3
.
Step 2
object network
obj_name
Example:
hostname(config)# object network
my-host-obj1
Configures a network object for which you want to configure
NAT, or enters object network configuration mode for an existing
network object.
Step 3
{host ip_address | subnet subnet_address
netmask | range ip_address_1 ip_address_2}
Example:
hostname(config-network-object)# subnet
10.2.1.0 255.255.255.0
If you are creating a new network object, defines the real IP
address(es) that you want to translate.