Cisco ASA 5505 User Manual

Page 595


30-13

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 30 Configuring Network Object NAT

Configuring Network Object NAT

Example

The following example maps a host address to itself using an inline mapped address:

hostname(config)# object network my-host-obj1
hostname(config-network-object)# host 10.1.1.1
hostname(config-network-object)# nat (inside,outside) static 10.1.1.1

Step 3

Command:
{host ip_address | subnet subnet_address netmask | range ip_address_1 ip_address_2}

Example:
hostname(config-network-object)# subnet 10.1.1.0 255.255.255.0

Purpose:
If you are creating a new network object, defines the real IP address(es) to which you want to perform identity NAT. If you configured a network object for the mapped addresses in Step 1, then these addresses must match.

Step 4

Command:
nat [(real_ifc,mapped_ifc)] static {mapped_inline_ip | mapped_obj} [no-proxy-arp] [route-lookup]

Example:
hostname(config-network-object)# nat (inside,outside) static MAPPED_IPS

Purpose:
Configures identity NAT for the object IP addresses.

Note: You can only define a single NAT rule for a given object. See the “Additional Guidelines” section on page 30-2.

See the following guidelines:

- Interfaces—(Required for transparent mode) Specify the real and mapped interfaces. Be sure to include the parentheses in your command. In routed mode, if you do not specify the real and mapped interfaces, all interfaces are used; you can also specify the keyword any for one or both of the interfaces.

- Mapped IP addresses—Be sure to configure the same IP address for both the mapped and real address. Use one of the following:

  - Network object—Including the same IP address as the real object (see Step 1).

  - Inline IP address—The netmask or range for the mapped network is the same as that of the real network. For example, if the real network is a host, then this address will be a host address. In the case of a range, then the mapped addresses include the same number of addresses as the real range. For example, if the real address is defined as a range from 10.1.1.1 through 10.1.1.6, and you specify 10.1.1.1 as the mapped address, then the mapped range will include 10.1.1.1 through 10.1.1.6.

- No Proxy ARP—Specify no-proxy-arp to disable proxy ARP for incoming packets to the mapped IP addresses. See the “Mapped Addresses and Routing” section on page 29-22 for more information.

- Route lookup—(Routed mode only; interface(s) specified) Specify route-lookup to determine the egress interface using a route lookup instead of using the interface specified in the NAT command. See the “Determining the Egress Interface” section on page 29-24 for more information.
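The identity rule described above (the mapped address equals the real address, and an inline mapped address spans as many addresses as the real object) can be checked mechanically when reviewing a configuration. The following Python code is an added example, not part of the Cisco guide; the sample configuration is constructed, and the object names my-range-obj and web-srv and the address 192.0.2.10 are assumptions.

```python
import ipaddress
# Constructed sample config (not from the guide); my-range-obj, web-srv and 192.0.2.10 are made up.
SAMPLE_CONFIG = """\
object network MAPPED_IPS
 range 10.1.1.1 10.1.1.6
object network my-range-obj
 range 10.1.1.1 10.1.1.6
 nat (inside,outside) static MAPPED_IPS no-proxy-arp route-lookup
object network my-host-obj1
 host 10.1.1.1
 nat (inside,outside) static 10.1.1.1
object network web-srv
 host 10.1.2.27
 nat (inside,outside) static 192.0.2.10
"""

def parse_objects(config):
    """Return {name: {"addr": (first, last), "nat": mapped_token}} per network object."""
    objects, cur = {}, {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["object", "network"] and len(tok) == 3:
            # setdefault merges an object whose definition and nat line are in separate blocks
            cur = objects.setdefault(tok[2], {"addr": None, "nat": None})
        elif not tok or not line.startswith(" "):
            cur = {}  # outside object sub-mode: later writes go to a throwaway dict
        elif tok[0] in ("host", "range"):
            ips = [ipaddress.ip_address(t) for t in tok[1:3]]
            cur["addr"] = (ips[0], ips[-1])
        elif tok[0] == "subnet":
            cur["addr"] = tuple(ipaddress.ip_network(f"{tok[1]}/{tok[2]}")[i] for i in (0, -1))
        elif tok[0] == "nat" and "static" in tok[:-1]:
            cur["nat"] = tok[tok.index("static") + 1]
    return objects

def mapped_range(objects, name):
    """Resolve the mapped side to (first, last); an inline IP spans the real object's size."""
    real, token = objects[name]["addr"], objects[name]["nat"]
    if token in objects:  # mapped_obj form
        return objects[token]["addr"]
    try:
        first = ipaddress.ip_address(token)  # mapped_inline_ip form
        return (first, first + (int(real[1]) - int(real[0])))
    except (ValueError, TypeError):
        return None  # undefined object, missing real address, or a keyword not modelled here

def audit_identity_nat(config):
    """Map each object that has a static NAT rule to True if the rule is identity NAT."""
    objects = parse_objects(config)
    return {n: mapped_range(objects, n) == o["addr"] for n, o in objects.items() if o["nat"]}
```

Calling audit_identity_nat(SAMPLE_CONFIG) reports my-range-obj and my-host-obj1 as identity rules and web-srv as a translating rule.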
